# Computer Really Slow



## Sboutte (Jul 2, 2012)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel Celeron processor, x86 Family 6 Model 22 Stepping 1
Processor Count: 1
RAM: 2039 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 128 Mb
Hard Drives: C: Total - 71939 MB, Free - 35378 MB; D: Total - 4368 MB, Free - 1752 MB;
Motherboard: ELITEGROUP, 945GCT-M3
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

Since I'm running XP I have been messing around trying to get LinuxMint DVD burnt and had to download IMGBurn, linuxMint, iso recorder and been doing searches a lot to try to figure out what I'm doing. I got a lot of programs installed to my computer that I don't remember. Maybe they were part of a package, I don't know. But computer is running really slow, has trouble opening the desktop, takes forever! When I try to open a folder the detail part is blank or may go blank when I try to scroll.

HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:54 PM, on 3/31/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\ScriptHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...GyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...GyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
O20 - AppInit_DLLs: 
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Update Mega Browse - Unknown owner - C:\Program Files\Mega Browse\updateMegaBrowse.exe (file missing)
O23 - Service: Util Laflurla - Unknown owner - C:\Program Files\Laflurla\bin\utilLaflurla.exe (file missing)
O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9049 bytes

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2009 1:29:30 PM
System Uptime: 3/31/2014 12:15:27 PM (1 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1599/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 34.545 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.711 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP735: 3/28/2014 6:24:28 PM - Software Distribution Service 3.0
RP736: 3/29/2014 8:34:57 AM - Removed HiJackThis
RP737: 3/29/2014 11:12:46 AM - Installed Windows 7 Upgrade Advisor
RP738: 3/30/2014 9:51:09 AM - Software Distribution Service 3.0
RP739: 3/30/2014 12:20:35 PM - Installed ISO Recorder
RP740: 3/30/2014 4:05:50 PM - Removed Windows 7 Upgrade Advisor
RP741: 3/31/2014 10:31:49 AM - Software Distribution Service 3.0
RP742: 3/31/2014 11:16:22 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Adobe SVG Viewer 3.0
AIO_Scan
Amazon Kindle
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
AVG SafeGuard toolbar
Bejeweled 2 Deluxe
Big Fish: Game Manager
Boatload of Crosswords
Bonjour
BufferChm
CCScore
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_Software
DJ_AIO_Software_min
DriverUpdate
DVD Suite
eMachines Connect
eMachines Games
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F2100_doccd
fflink
File Type Assistant
Free File Viewer 2014
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
ISO Recorder
Itibiti RTC
Java Auto Updater
Java(TM) 6 Update 29
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
Notifier
OfotoXMI
Passport to Paradise
PSSWCORE
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Risk
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Solar Fire Gold
Solar Spark v2.2
SolutionCenter
Speccy
staticcr
Status
Three Cards to Midnight
Toolbox
tooltips
TrayApp
TurboTax 2009 wrapper
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
VLC media player 2.1.3
VPRINTOL
WebFldrs XP
WebReg
Windows Backup Utility
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/31/2014 10:20:11 AM, error: Service Control Manager [7000] - The Update Mega Browse service failed to start due to the following error: The system cannot find the file specified.
3/29/2014 8:35:08 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/29/2014 8:09:44 AM, error: Service Control Manager [7000] - The Util Laflurla service failed to start due to the following error: The system cannot find the path specified.
3/27/2014 7:23:52 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 960 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2014 7:23:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2014 5:23:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2014 4:23:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2014 3:53:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2014 3:38:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/26/2014 3:38:44 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 0019212EE670 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/26/2014 11:23:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/25/2014 5:04:57 PM, error: Service Control Manager [7034] - The Computer Backup (MyPC Backup) service terminated unexpectedly. It has done this 1 time(s).
3/25/2014 10:19:33 PM, error: Service Control Manager [7034] - The Imapi Helper service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 13:27:18 on 2014-03-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1158 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\ScriptHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtB0E0EyCyBtD0FyDtCtCtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyCzztC0F0CyCyBtGyBtA0D0EtG0ByCyD0BtGyD0B0EzytGtCyC0CtA0EyCtAyD0A0CyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyC0CtB0DyEzztG0D0FyB0CtGtCyC0E0AtG0DtA0AyBtGyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ir_14_14_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtB0E0EyCyBtD0FyDtCtCtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyCzztC0F0CyCyBtGyBtA0D0EtG0ByCyD0BtGyD0B0EzytGtCyC0CtA0EyCtAyD0A0CyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyC0CtB0DyEzztG0D0FyB0CtGtCyC0E0AtG0DtA0AyBtGyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
uProxyOverride = <local>;*.local
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [DriverUpdate] "c:\program files\driverupdate\DriverUpdate.exe" -boot
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DHCPNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.5\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 231960]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-2-24 42272]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-3-31 55232]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-20 701512]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [2014-3-21 1771032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-20 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Update Mega Browse;Update Mega Browse;"c:\program files\mega browse\updatemegabrowse.exe" --> c:\program files\mega browse\updateMegaBrowse.exe [?]
S2 Util Laflurla;Util Laflurla;"c:\program files\laflurla\bin\utillaflurla.exe" --> c:\program files\laflurla\bin\utilLaflurla.exe [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-12 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-03-31 17:53:25	62576	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{220c3aef-e84c-4cb7-aa10-4f101d396e77}\offreg.dll
2014-03-31 15:32:10	7969936	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{220c3aef-e84c-4cb7-aa10-4f101d396e77}\mpengine.dll
2014-03-31 15:05:23	55232	----a-w-	c:\windows\system32\drivers\tStLibG.sys
2014-03-31 14:21:33	--------	d-----w-	c:\documents and settings\owner\application data\FreeFileViewer
2014-03-31 13:46:27	--------	d-----w-	c:\documents and settings\owner\local settings\application data\FreeFileViewer
2014-03-31 13:44:36	--------	d-----w-	c:\documents and settings\owner\local settings\application data\FileTypeAssistant
2014-03-31 13:44:24	--------	d-----w-	c:\program files\File Type Assistant
2014-03-31 13:43:15	--------	d-----w-	c:\program files\FreeFileViewer
2014-03-31 13:30:54	--------	d-----w-	c:\program files\Mega Browse
2014-03-31 13:18:54	711776	----a-w-	C:\FreeFileViewerSetup.exe
2014-03-30 20:15:39	--------	d-----w-	c:\documents and settings\owner\application data\rmi
2014-03-30 17:20:38	--------	d-----w-	c:\program files\Alex Feinman
2014-03-30 14:51:26	7969936	------w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-25 10:01:49	--------	d-----w-	c:\documents and settings\owner\.swt
2014-03-25 10:01:00	--------	d-----w-	c:\program files\MyPC Backup
2014-03-25 10:00:00	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Slick Savings
2014-03-25 09:59:19	--------	d-----w-	c:\program files\common files\Spigot
2014-03-25 09:57:46	--------	d-----w-	c:\documents and settings\owner\application data\Azureus
2014-03-22 18:33:00	--------	d-----w-	C:\DECCHECK
2014-03-21 16:46:09	--------	d-----w-	c:\windows\system32\cache
2014-03-20 18:02:54	--------	d-----w-	c:\windows\Performance
2014-03-20 18:02:41	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Microsoft Corporation
2014-03-20 15:24:37	--------	d-----w-	c:\program files\VideoLAN
2014-03-10 15:28:15	13312	-c----w-	c:\windows\system32\dllcache\xp_eos.exe
2014-03-10 15:28:15	13312	------w-	c:\windows\system32\xp_eos.exe
.
==================== Find3M ====================
.
2014-03-31 17:20:27	13464	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-03-21 16:45:25	42272	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 17:18:58	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-12 17:18:57	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46:36	920064	----a-w-	c:\windows\system32\wininet.dll
2014-02-24 11:45:58	43520	------w-	c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57	1469440	------w-	c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42	18944	----a-w-	c:\windows\system32\corpol.dll
2014-02-24 10:54:21	385024	------w-	c:\windows\system32\html.iec
2014-02-07 02:01:37	1879040	----a-w-	c:\windows\system32\win32k.sys
2014-02-05 08:55:04	562688	----a-w-	c:\windows\system32\qedit.dll
2014-01-25 06:19:42	231960	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-01-04 03:13:05	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-01-17 17:35:38	1008936	-c--a-w-	c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02	38147376	-c--a-w-	c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 13:29:05.90 ===============
GMER

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-31 14:21:43
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST380815AS rev.4.AAA 74.53GB
Running: 0dlp5ge3.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awrcyfod.sys

---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateKey [0xA4C98342]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwEnumerateValueKey [0xA4C983F2]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xA4C9822A]

---- Kernel code sections - GMER 2.1 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1524] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\Udp tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tStLibG.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


----------



## Sboutte (Jul 2, 2012)

# AdwCleaner v3.023 - Report created 03/04/2014 at 10:32:35
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - YOUR-3DC5C40E2A
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Mega Browse

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WinMaximizer
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Program Files\Mega Browse
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\WinMaximizer
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\FileTypeAssistant
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Slick Savings
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\Mega Browse
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\Spigot
Folder Deleted : C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Owner\My Documents\Optimizer Pro
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\tsassist.exe]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\WinMaximizer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [9267 octets] - [03/04/2014 10:27:13]
AdwCleaner[S0].txt - [8472 octets] - [03/04/2014 10:32:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8532 octets] ##########

I ran MBAM a few days ago and it got out a ton of .pup files.

Thanks


----------



## kevinf80 (Mar 21, 2006)

Hello and welcome,

Run the following and post the produced logs:

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for *PUP* > Select: Show in Results List and Check for removal.

Please *Update* and run a *Quick* scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens, click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

Kevin...


----------



## Sboutte (Jul 2, 2012)

Have cleaned...

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-3DC5C40E2A [administrator]

Protection: Enabled

4/4/2014 11:16:00 AM
mbam-log-2014-04-04 (11-16-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229629
Time elapsed: 20 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} (PUP.Optional.CouponBar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Crimsolite.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Owner\Local Settings\temp\ct2504091 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 4
C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157201_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157629_stp\setup.exe (PUP.Optional.Crimsolite.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\temp\is35545781\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

Thank you for your assistance!


----------



## Sboutte (Jul 2, 2012)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 04/04/2014 at 12:08:02.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F4A34E0-1D17-4050-B49B-46263DEAE6B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F940E383-E6B6-4E7E-A28A-1BD34F8C18C1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2F4A34E0-1D17-4050-B49B-46263DEAE6B1}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\big fish"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/04/2014 at 12:14:31.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Sboutte (Jul 2, 2012)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Owner (administrator) on YOUR-3DC5C40E2A on 04-04-2014 12:38:25
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\WINDOWS\system32\CSHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Search Protection\YspService.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Owner\My Documents\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [YMailAdvisor] - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2951212231-3065092772-446880446-1003\...\Run: [cdloader] - C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe [50520 2010-02-26] (magicJack L.P.)
HKU\S-1-5-21-2951212231-3065092772-446880446-1003\...\Run: [YSearchProtection] - C:\Program Files\Yahoo!\Search Protection\YspService.exe [296248 2010-06-13] (Yahoo! Inc.)
HKU\S-1-5-21-2951212231-3065092772-446880446-1003\...\Run: [DriverUpdate] - C:\Program Files\DriverUpdate\DriverUpdate.exe [35256640 2014-01-15] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-2951212231-3065092772-446880446-1003\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-05] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC21FE5EFFF45CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {2F4A34E0-1D17-4050-B49B-46263DEAE6B1} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPDD4F23F6-1FA6-4218-A19F-EF4C558062A4&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {2F4A34E0-1D17-4050-B49B-46263DEAE6B1} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-19]

========================== Services (Whitelisted) =================

R2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2010-11-12] ()
S3 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-07-28] (WildTangent, Inc.)
S3 Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-06-07] (Sun Microsystems, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2009-12-07] (New Boundary Technologies, Inc.)
S2 Util Laflurla; "C:\Program Files\Laflurla\bin\utilLaflurla.exe" [X]
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
S3 el575nd5; C:\WINDOWS\System32\DRIVERS\el575nd5.sys [69692 2001-08-17] (3Com Corporation)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-07-18] (Conexant Systems, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-03] ()
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-03-31] (StdLib)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-04 12:14 - 2014-04-04 12:14 - 00001635 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-04-04 12:07 - 2014-04-04 12:07 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-03 11:16 - 2014-04-03 11:16 - 00000000 ____D () C:\WINDOWS\LastGood
2014-04-03 10:27 - 2014-04-03 11:10 - 00000000 ____D () C:\AdwCleaner
2014-04-03 10:22 - 2014-04-03 10:22 - 01426178 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-03-31 11:29 - 2014-04-03 11:23 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-31 10:05 - 2014-03-31 10:05 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-31 09:21 - 2014-03-31 09:25 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\FreeFileViewer
2014-03-31 08:46 - 2014-03-31 08:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\FreeFileViewer
2014-03-31 08:44 - 2014-04-04 08:54 - 00000394 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-03-31 08:44 - 2014-04-04 08:46 - 00000450 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2014-03-31 08:44 - 2014-04-04 08:44 - 00000378 _____ () C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2014-03-31 08:43 - 2014-03-31 08:43 - 00000000 ____D () C:\Program Files\FreeFileViewer
2014-03-31 08:43 - 2014-03-31 08:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2014-03-31 08:29 - 2014-03-31 08:29 - 00000043 _____ () C:\Documents and Settings\Owner\Application Data\WB.CFG
2014-03-31 08:18 - 2014-03-31 08:18 - 00711776 _____ ( ) C:\FreeFileViewerSetup.exe
2014-03-30 15:15 - 2014-03-30 15:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\rmi
2014-03-30 14:09 - 2014-03-30 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2014-03-30 14:05 - 2014-03-30 15:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\ImgBurn
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files\ImgBurn
2014-03-30 12:37 - 2014-03-30 12:37 - 00000766 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
2014-03-30 12:35 - 2014-03-30 12:35 - 00000510 ____N () C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
2014-03-30 12:20 - 2014-03-30 22:15 - 00000000 ____D () C:\Program Files\Alex Feinman
2014-03-29 09:40 - 2014-03-29 09:40 - 00003884 _____ () C:\Documents and Settings\Owner\My Documents\defrag 032914.txt
2014-03-28 14:54 - 2014-03-28 16:45 - 3131996160 _____ () C:\Backup 01232014.bkf
2014-03-25 07:50 - 2014-03-25 07:50 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2014-03-25 05:22 - 2014-03-25 05:23 - 00033688 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-25 05:01 - 2014-03-25 05:01 - 00000000 ____D () C:\Documents and Settings\Owner\.swt
2014-03-25 04:57 - 2014-03-25 06:27 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Azureus
2014-03-25 03:57 - 2014-03-25 03:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-03-22 13:33 - 2014-03-22 13:33 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media
2014-03-22 13:33 - 2014-03-22 13:33 - 00000000 ____D () C:\DECCHECK
2014-03-21 11:46 - 2014-03-21 11:46 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-20 13:02 - 2014-03-20 13:02 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-20 13:02 - 2014-03-20 13:02 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-03-20 13:00 - 2014-03-20 13:13 - 00001748 _____ () C:\WINDOWS\KB932823-v3.log
2014-03-20 11:37 - 2014-03-20 11:37 - 00000421 _____ () C:\WINDOWS\nsw.log
2014-03-20 10:35 - 2014-03-20 10:39 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
2014-03-20 10:33 - 2014-03-25 04:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-03-20 10:24 - 2014-03-20 10:24 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 08:46 - 2014-03-20 08:46 - 00118784 ____N () C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps
2014-03-13 02:43 - 2014-04-03 11:13 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-13 02:43 - 2014-03-13 17:46 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 15:52 - 2014-03-12 15:54 - 00131383 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 15:52 - 2014-03-12 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 15:52 - 2014-03-12 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 14:29 - 2014-03-12 15:52 - 00131140 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 14:29 - 2014-03-12 15:52 - 00129232 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 03:00 - 2014-03-11 03:02 - 00004766 _____ () C:\WINDOWS\KB2934207.log
2014-03-10 10:28 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-10 10:28 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-08 18:35 - 2014-03-08 18:35 - 00017920 ____N () C:\Documents and Settings\Owner\My Documents\RefillRequest Template.wps

==================== One Month Modified Files and Folders =======

2014-04-04 12:38 - 2014-01-25 08:59 - 00000000 ____D () C:\FRST
2014-04-04 12:18 - 2012-03-30 08:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-04 12:14 - 2014-04-04 12:14 - 00001635 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-04-04 12:14 - 2012-07-05 21:14 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 12:07 - 2014-04-04 12:07 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-04 12:00 - 2006-05-06 19:37 - 01844373 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-04 11:05 - 2011-11-10 00:05 - 00000580 ____H () C:\WINDOWS\Tasks\DataUpload.job
2014-04-04 10:14 - 2012-07-05 21:14 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 08:54 - 2014-03-31 08:44 - 00000394 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-04-04 08:46 - 2014-03-31 08:44 - 00000450 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2014-04-04 08:44 - 2014-03-31 08:44 - 00000378 _____ () C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2014-04-04 08:23 - 2010-09-08 18:16 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
2014-04-04 05:49 - 2006-05-06 19:41 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-03 11:23 - 2014-03-31 11:29 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-03 11:16 - 2014-04-03 11:16 - 00000000 ____D () C:\WINDOWS\LastGood
2014-04-03 11:16 - 2013-08-12 09:30 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-04-03 11:16 - 2012-07-06 22:06 - 00516608 _____ () C:\WINDOWS\setupapi.log
2014-04-03 11:14 - 2011-11-10 00:05 - 00000616 ____H () C:\WINDOWS\Tasks\ConfigExec.job
2014-04-03 11:13 - 2014-03-13 02:43 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-03 11:13 - 2013-08-12 09:30 - 00000314 _____ () C:\WINDOWS\Tasks\Install Toolbar.job
2014-04-03 11:13 - 2006-05-06 19:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-03 11:13 - 2006-05-06 12:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-03 11:13 - 2006-05-06 12:33 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-03 11:10 - 2014-04-03 10:27 - 00000000 ____D () C:\AdwCleaner
2014-04-03 11:10 - 2006-05-06 19:41 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-03 10:35 - 2006-05-06 19:41 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-03 10:22 - 2014-04-03 10:22 - 01426178 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-03-31 14:26 - 2013-05-25 00:53 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts
2014-03-31 13:21 - 2009-12-08 12:24 - 00024794 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-03-31 11:20 - 2011-01-26 16:38 - 00001945 ____C () C:\WINDOWS\epplauncher.mif
2014-03-31 11:19 - 2012-05-03 18:21 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-31 11:17 - 2011-10-17 09:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-31 11:14 - 2006-05-06 19:24 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-31 10:05 - 2014-03-31 10:05 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-31 10:05 - 2006-05-06 19:41 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-31 10:05 - 2006-05-06 19:24 - 00000703 _____ () C:\WINDOWS\win.ini
2014-03-31 09:25 - 2014-03-31 09:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\FreeFileViewer
2014-03-31 09:00 - 2011-11-09 23:53 - 00720896 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-03-31 08:46 - 2014-03-31 08:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\FreeFileViewer
2014-03-31 08:46 - 2006-05-06 19:41 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-31 08:43 - 2014-03-31 08:43 - 00000000 ____D () C:\Program Files\FreeFileViewer
2014-03-31 08:43 - 2014-03-31 08:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2014-03-31 08:29 - 2014-03-31 08:29 - 00000043 _____ () C:\Documents and Settings\Owner\Application Data\WB.CFG
2014-03-31 08:18 - 2014-03-31 08:18 - 00711776 _____ ( ) C:\FreeFileViewerSetup.exe
2014-03-30 22:15 - 2014-03-30 12:20 - 00000000 ____D () C:\Program Files\Alex Feinman
2014-03-30 19:52 - 2006-05-06 19:35 - 00083596 ____C () C:\WINDOWS\wmsetup.log
2014-03-30 17:14 - 2010-05-02 01:27 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-03-30 15:21 - 2014-03-30 14:05 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\ImgBurn
2014-03-30 15:15 - 2014-03-30 15:15 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\rmi
2014-03-30 14:09 - 2014-03-30 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2014-03-30 13:57 - 2014-03-30 13:57 - 00000000 ____D () C:\Program Files\ImgBurn
2014-03-30 12:37 - 2014-03-30 12:37 - 00000766 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
2014-03-30 12:35 - 2014-03-30 12:35 - 00000510 ____N () C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
2014-03-29 10:47 - 2014-01-05 08:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Crochet
2014-03-29 10:28 - 2009-12-07 14:13 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2014-03-29 09:40 - 2014-03-29 09:40 - 00003884 _____ () C:\Documents and Settings\Owner\My Documents\defrag 032914.txt
2014-03-29 08:32 - 2006-05-06 12:31 - 02985118 _____ () C:\WINDOWS\FaxSetup.log
2014-03-29 08:32 - 2006-05-06 12:31 - 01464390 _____ () C:\WINDOWS\ocgen.log
2014-03-29 08:32 - 2006-05-06 12:31 - 01158808 _____ () C:\WINDOWS\tsoc.log
2014-03-29 08:32 - 2006-05-06 12:31 - 00909055 _____ () C:\WINDOWS\comsetup.log
2014-03-29 08:32 - 2006-05-06 12:31 - 00555148 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-29 08:32 - 2006-05-06 12:31 - 00469521 _____ () C:\WINDOWS\iis6.log
2014-03-29 08:32 - 2006-05-06 12:31 - 00151523 _____ () C:\WINDOWS\ocmsn.log
2014-03-29 08:32 - 2006-05-06 12:31 - 00151141 _____ () C:\WINDOWS\msgsocm.log
2014-03-29 08:32 - 2006-05-06 12:31 - 00004566 _____ () C:\WINDOWS\imsins.log
2014-03-29 08:31 - 2006-05-06 12:31 - 00768544 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-29 08:24 - 2006-05-06 12:30 - 00220345 _____ () C:\WINDOWS\setupact.log
2014-03-28 16:45 - 2014-03-28 14:54 - 3131996160 _____ () C:\Backup 01232014.bkf
2014-03-28 14:54 - 2006-05-06 19:35 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-28 14:28 - 2012-05-31 23:13 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-28 11:57 - 2006-05-06 19:38 - 00000000 __RSH () C:\CONFIG.SYS
2014-03-28 11:57 - 2006-05-06 19:24 - 00000328 __RSH () C:\boot.ini
2014-03-28 11:10 - 2010-03-02 06:21 - 00000000 ____D () C:\Sharron
2014-03-27 06:35 - 2012-02-06 00:45 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\medical expenses
2014-03-26 17:02 - 2011-03-28 22:29 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Planet Waves
2014-03-25 07:50 - 2014-03-25 07:50 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2014-03-25 07:50 - 2012-07-16 12:08 - 00008704 ____N () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-25 07:50 - 2009-12-08 02:53 - 00000000 ____D () C:\305d1cae2383e511b2
2014-03-25 06:27 - 2014-03-25 04:57 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Azureus
2014-03-25 05:23 - 2014-03-25 05:22 - 00033688 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-25 05:01 - 2014-03-25 05:01 - 00000000 ____D () C:\Documents and Settings\Owner\.swt
2014-03-25 04:01 - 2014-03-20 10:33 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-03-25 03:57 - 2014-03-25 03:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2014-03-24 15:01 - 2009-12-07 13:53 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-03-22 17:13 - 2010-01-08 00:30 - 00000000 ____D () C:\Program Files\SolarFire7
2014-03-22 14:10 - 2006-05-06 12:25 - 00000000 ____D () C:\WINDOWS\Help
2014-03-22 13:33 - 2014-03-22 13:33 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media
2014-03-22 13:33 - 2014-03-22 13:33 - 00000000 ____D () C:\DECCHECK
2014-03-22 12:52 - 2006-07-01 00:30 - 00000000 ____D () C:\WINDOWS\OPTIONS
2014-03-21 23:33 - 2010-12-07 14:15 - 00000803 ____N () C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 23:33 - 2006-05-06 19:42 - 00000738 ____N () C:\Documents and Settings\Owner\Start Menu\Programs\Outlook Express.lnk
2014-03-21 23:33 - 2006-05-06 19:35 - 00000785 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2014-03-21 11:46 - 2014-03-21 11:46 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-21 11:45 - 2014-02-24 18:57 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-20 13:14 - 2011-12-15 04:13 - 00017881 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-03-20 13:13 - 2014-03-20 13:00 - 00001748 _____ () C:\WINDOWS\KB932823-v3.log
2014-03-20 13:02 - 2014-03-20 13:02 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-20 13:02 - 2014-03-20 13:02 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-03-20 11:37 - 2014-03-20 11:37 - 00000421 _____ () C:\WINDOWS\nsw.log
2014-03-20 11:36 - 2009-12-07 13:47 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-20 10:39 - 2014-03-20 10:35 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
2014-03-20 10:24 - 2014-03-20 10:24 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-20 10:13 - 2006-05-06 12:25 - 00000000 ____D () C:\WINDOWS\Resources
2014-03-20 08:46 - 2014-03-20 08:46 - 00118784 ____N () C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps
2014-03-20 03:17 - 2013-07-19 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-20 03:01 - 2009-12-07 21:12 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-19 18:45 - 2010-01-16 03:17 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Letters
2014-03-19 16:13 - 2010-01-17 00:59 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\HpUpdate
2014-03-19 09:14 - 2012-07-17 16:49 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-13 17:46 - 2014-03-13 02:43 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-13 02:43 - 2012-08-19 15:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 02:43 - 2006-05-06 12:30 - 00159544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 15:54 - 2014-03-12 15:52 - 00131383 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 15:54 - 2006-06-30 21:26 - 00600305 _____ () C:\WINDOWS\updspapi.log
2014-03-12 15:54 - 2006-05-06 12:31 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-12 15:53 - 2010-02-27 10:38 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 15:52 - 2014-03-12 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 15:52 - 2014-03-12 15:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 15:52 - 2014-03-12 14:29 - 00131140 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 15:52 - 2014-03-12 14:29 - 00129232 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 15:50 - 2012-08-19 15:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 12:18 - 2012-03-30 08:32 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 12:18 - 2011-05-14 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 03:02 - 2014-03-11 03:00 - 00004766 _____ () C:\WINDOWS\KB2934207.log
2014-03-08 22:00 - 2009-12-21 07:50 - 00000035 ____C () C:\WINDOWS\popcinfo.dat
2014-03-08 18:35 - 2014-03-08 18:35 - 00017920 ____N () C:\Documents and Settings\Owner\My Documents\RefillRequest Template.wps

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\BackupSetup.exe
C:\Documents and Settings\Owner\Local Settings\temp\pyl10D.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pyl13A.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pyl157.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pyl15A.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pyl15B.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pyl249.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pylE0.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\pylEF.tmp.exe
C:\Documents and Settings\Owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

There was no addition. I think I ran it with my last problem. Sorry...


----------



## Sboutte (Jul 2, 2012)

Attached is a copy of Addition. I found a button to create this.


----------



## kevinf80 (Mar 21, 2006)

Download attached *fixlist.txt* file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.


 *Turn off the real time scanner of any existing antivirus program while performing the online scan*
 click on the Run ESET Online Scanner button
 Tick the box next to YES, I accept the Terms of Use.
*Click Start*
 When asked, allow the add-on to be installed
*Click Start*
 Make sure that the option Remove found threats is unticked
 Click on Advanced Settings, ensure the options
 Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
*Click Scan*
 wait for the virus definitions to be downloaded
 Wait for the scan to finish

*When the scan is complete*


 If no threats were found
 put a checkmark in "Uninstall application on close"
 close program
 report to me that nothing was found

*If threats were found*


 click on "list of threats found"
 click on "export to text file" and save it as ESET SCAN and save to the desktop
 Click on back
 put a checkmark in "Uninstall application on close"
 click on finish

*close program*

Copy and paste the report in next reply. Let me know if any remaining issues or concerns....

Kevin...


----------



## Sboutte (Jul 2, 2012)

C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157008_stp.EXE » INNO » {app}\tsasetup.exe » INNO » {app}\tsassist.exe - a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157008_stp.EXE » INNO » {app}\tsasetup.exe » INNO » {app}\ftacfg.exe - Win32/FileTypeAssistant.A potentially unwanted application
C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157114_stp\wajam_validate.exe - Win32/Wajam.F potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\Owner\Local Settings\temp\is35545781\mysearchdial.dll - a variant of Win32/Toolbar.Escort.A potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\Owner\Local Settings\temp\{0A5E6056-9224-4C2F-8AC4-B48B9A4F9EE4}\setup.exe » INNO » {app}\OptimizerPro.exe » Armadillo - a variant of Win32/SpeedingUpMyPC application
C:\Documents and Settings\Owner\Local Settings\temp\{0A5E6056-9224-4C2F-8AC4-B48B9A4F9EE4}\setup.exe » INNO » {app}\OptProSmartScan.exe - a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\Documents and Settings\Owner\Local Settings\temp\{0A5E6056-9224-4C2F-8AC4-B48B9A4F9EE4}\setup.exe » INNO » {app}\OptProLauncher.exe - a variant of Win32/AdWare.SpeedingUpMyPC.D application
C:\Documents and Settings\Owner\Local Settings\temp\{0A5E6056-9224-4C2F-8AC4-B48B9A4F9EE4}\setup.exe » INNO » {app}\OptProCrash.dll - a variant of Win32/SProtector.E potentially unwanted application
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\DownloadManagerSetup.exe - a variant of Win32/InstallCore.LM potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\Owner\My Documents\Downloads\FreeFileViewerSetup [1].exe » INNO » {app}\tsasetup.exe » INNO » {app}\tsassist.exe - a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\Documents and Settings\Owner\My Documents\Downloads\FreeFileViewerSetup [1].exe » INNO » {app}\tsasetup.exe » INNO » {app}\ftacfg.exe - Win32/FileTypeAssistant.A potentially unwanted application
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\My Documents\Downloads\Productivity_3_1.exe » NSIS » Script.nsi - Win32/Toolbar.Conduit potentially unwanted application
C:\Documents and Settings\Owner\My Documents\Downloads\Linux\imgburn-2.5.8.0.exe » NSIS » Script.nsi - Win32/JoyDownloader.A potentially unwanted application
C:\My Backup -- 07-12-09 1213\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WX0W5Y6G\YearEndEvent_160x600_fla_bnr_111809_r02[2].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\My Backup -- 07-12-09 1213\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL - a variant of Win32/Toolbar.MyWebSearch potentially unwanted application - action selection postponed until scan completion
C:\Program Files\AOL 9.0\AOL90\COMPS\VWPT\VWPT.EXE » NSIS - unpack error
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051309.exe - a variant of MSIL/BrowseFox.D potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051416.dll - a variant of Win32/BrowseFox.F potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051418.exe » NSIS » Script.nsi - Win32/BrowseFox.C potentially unwanted application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051420.exe - a variant of Win32/DealPly.O potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051422.dll - a variant of Win32/Toolbar.Escort.A potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051424.dll - a variant of Win32/Toolbar.Montiera.A potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051425.dll - probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051426.exe - a variant of Win32/Toolbar.Montiera.A potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051427.dll - a variant of Win32/Toolbar.Montiera.F potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051431.dll - a variant of Win32/SProtector.F potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051432.dll - a variant of Win32/SProtector.E potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051452.exe - a variant of Win32/BrowseFox.H potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051453.exe - a variant of Win32/BrowseFox.H potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051454.dll - a variant of Win32/BrowseFox.K potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051455.exe - Win32/BrowseFox.I potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP741\A0051497.exe » INDIGOROSE - unsupported option
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051675.exe - Win32/FileTypeAssistant.A potentially unwanted application - action selection postponed until scan completion
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051677.exe » INNO » {app}\tsassist.exe - a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051677.exe » INNO » {app}\ftacfg.exe - Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051678.exe - a variant of Win32/FileTypeAssistant.A potentially unwanted application - action selection postponed until scan completion
C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157008_stp.EXE - error opening [4]
C:\Documents and Settings\Owner\Local Settings\temp\is1914646434\35157114_stp\wajam_validate.exe - error opening [4]
C:\Documents and Settings\Owner\Local Settings\temp\is35545781\mysearchdial.dll - error opening [4]
C:\Documents and Settings\Owner\My Documents\Downloads\DownloadManagerSetup.exe - error opening [4]
C:\Documents and Settings\Owner\My Documents\Downloads\FreeFileViewerSetup [1].exe - error opening [4]
C:\Documents and Settings\Owner\My Documents\Downloads\Productivity_3_1.exe - error opening [4]
C:\Documents and Settings\Owner\My Documents\Downloads\Linux\imgburn-2.5.8.0.exe - error opening [4]
C:\My Backup -- 07-12-09 1213\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051309.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051416.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051418.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051420.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051422.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051424.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051425.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051426.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051427.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051431.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051432.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051452.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051453.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051454.dll - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP740\A0051455.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051675.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051677.exe - error opening [4]
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP745\A0051678.exe - error opening [4]
Number of scanned objects: 236340
Number of threats found: 33
Number of cleaned objects: 4
Time of completion: 6:40:48 PM Total scanning time: 43319 sec (12:01:59)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.


----------



## Sboutte (Jul 2, 2012)

The instructions were different than those you suggested. Just had "filter"


----------



## kevinf80 (Mar 21, 2006)

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. *Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....* If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*). Ensure to start with and include the colon before Files *:Files*


```
:Files
C:\Documents and Settings\Owner\My Documents\Downloads\chromeinstall-7u5.exe
C:\Documents and Settings\Owner\My Documents\Downloads\DownloadManagerSetup.exe
C:\Documents and Settings\Owner\My Documents\Downloads\FreeFileViewerSetup [1].exe
C:\Documents and Settings\Owner\My Documents\Downloads\jre-7u5-windows-i586-iftw.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Productivity_3_1.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Linux\imgburn-2.5.8.0.exe
C:\My Backup -- 07-12-09 1213\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WX0W5Y6G\YearEndEvent_160x600_fla_bnr_111809_r02[2].swf
C:\My Backup -- 07-12-09 1213\Program Files\AskSBar
C:\Documents and Settings\Owner\My Documents\Downloads\DownloadManagerSetup.exe
C:\Documents and Settings\Owner\My Documents\Downloads\FreeFileViewerSetup [1].exe
C:\Documents and Settings\Owner\My Documents\Downloads\Productivity_3_1.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Linux\imgburn-2.5.8.0.exe
ipconfig /flushdns /c
:Commands
[ClearAllRestorePoints]
[EmptyTemp]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Post that log, let me know if any remaining issues or concerns...


----------



## Sboutte (Jul 2, 2012)

Hi Kevin

Sorry but I have tried 3 times and nothing ever gets pasted to results window. I even went to the link you gave me and the folders were empty. I even deleted OTM and reloaded it to no avail.


----------



## kevinf80 (Mar 21, 2006)

OK leave OTM for now, run the following:

Download *Dr.Web CureIt* to the desktop.
The download is nearly 104.6 MB in size


Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Turn off any other add-on security app {if you have them} like MBAM File System Protection.

If this system is Windows 8/7 or VISTA, then Right-click on *drweb-cureit.exe* and select Run as Administrator.
Otherwise, on Windows XP, double-click on the *drweb-cureit.exe* file to start the tool.

You will see a screen similar to this:








Click the checkbox to participate, and then click on *Continue* button.

Next









Click on *Select objects for scanning*

Next









Put a checkmark by clicking on the boxes as shown.
Do not select Temporary files or System Restore points.

Then click on *Start scanning* button

The scan in progress will be shown like this









IF something is detected, you will see a screen similar to this









For each item "detected", click on the Action column down arrow, like this








Your options will be Cure or Ignore

IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
Typically, you will keep the Cure default.

Then click on the Neutralize button.

When the actions are completed, you will see this









Click on the *green Open Report line.* It will pop-up the report in NOTEPAD.
Save the report to your desktop. The report will be called *Cureit.log*

While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
You should be able to get back to your forum topic, start a new reply,
click 1 time in the box
and do a CTRL+V (Paste)
into reply.

*Close Dr.Web Cureit*. 
*Reboot your computer* to allow files that were in use to be moved/deleted during reboot. 
After reboot, post the contents of the log from *Cureit.log* you saved previously in your next reply. 
ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done. Let me see that log, also tell me if there are any remaining issues or concerns...

Kevin


----------



## Sboutte (Jul 2, 2012)

I scrolled through the report and there are an awful lot of files that can't be found.


----------



## Sboutte (Jul 2, 2012)

Didn't see the attachment... says upload of file failed. I will try in 2 replies...

=============================================================================
Dr.Web Scanner SE for Windows v9.0.5.01160
(c) Doctor Web, Ltd., 1992-2013
Scan session started 2014/04/06 10:50:18 
Module location : c:\documents and settings\owner\local settings\temp\E9F1FF48-6E7E7200-39FA6A28-8016A060\
=============================================================================
Available instances: 2
Instances used: 2
Platform: Windows XP Home x86 (Build 2600), Service Pack 3
API Version: 2.2
Scanning Engine version: 9.0.8.2070
Virus Finding Engine version: 7.0.8.2260
Total 169 virus bases are loaded from c:\documents and settings\owner\local settings\temp\E9F1FF48-6E7E7200-39FA6A28-8016A060


----------



## Sboutte (Jul 2, 2012)

Total records count: 5080871

Anti-rootkit module version ( ver: 9.0.201402040, api: 6.10 )

Using c:\documents and settings\owner\local settings\temp\E9F1FF48-6E7E7200-39FA6A28-8016A060\28pgeoku.key as Dr.Web (R) Key file
This Dr.Web (R) Key is for 1 computer (A User)
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\27C0C39C85 -rpcpr:np

Object(s) to scan:
- Scan processes in memory
- Scan boot sectors
- Scanning for rootkits 
- C:\0
- C:\0.bak
- C:\AUDIT_INSTALL_IN_PROGRESS
- C:\AUTOEXEC.BAT
- C:\Backup 01232014.bkf
- C:\Boot.bak
- C:\boot.ini
- C:\cmldr
- C:\CONFIG.SYS
- C:\DTLog.txt
- C:\IO.SYS
- C:\logfile
- C:\MOVE_RECOVERY
- C:\MSDOS.SYS
- C:\My Family.SFcht
- C:\NTDETECT.COM
- C:\ntldr
- C:\pagefile.sys
- C:\powerdvd.log
- C:\REQUEST_OEMRESET_ENDUSER
- C:\RHDSetup.log
- C:\USER
- C:\user.js
- C:\WINDOWS\system32\
- C:\Documents and Settings\Owner\My Documents\
- C:\WINDOWS\TEMP\
- C:\DOCUME~1\Owner\LOCALS~1\Temp\

Computer\Motherboard\SYSTEM BIOS - Ok
c:\windows\system32\ntkrnlpa.exe - Ok
c:\windows\system32\hal.dll - Ok
c:\windows\system32\kdcom.dll - Ok
c:\windows\system32\bootvid.dll - Ok
c:\windows\system32\drivers\acpi.sys - Ok
c:\windows\system32\drivers\wmilib.sys - Ok
c:\windows\system32\drivers\pci.sys - Ok
c:\windows\system32\drivers\isapnp.sys - Ok
c:\windows\system32\drivers\ohci1394.sys - Ok
c:\windows\system32\drivers\1394bus.sys - Ok
c:\windows\system32\drivers\compbatt.sys - Ok
c:\windows\system32\drivers\battc.sys - Ok
c:\windows\system32\drivers\pciide.sys - Ok
c:\windows\system32\drivers\pciidex.sys - Ok
c:\windows\system32\drivers\aliide.sys - Ok
c:\windows\system32\drivers\intelide.sys - Ok
c:\windows\system32\drivers\toside.sys - Ok
c:\windows\system32\drivers\viaide.sys - Ok
c:\windows\system32\drivers\cmdide.sys - Ok
c:\windows\system32\drivers\pcmcia.sys - Ok
c:\windows\system32\drivers\mountmgr.sys - Ok
c:\windows\system32\drivers\ftdisk.sys - Ok
c:\windows\system32\drivers\acpiec.sys - Ok
c:\windows\system32\drivers\oprghdlr.sys - Ok
c:\windows\system32\drivers\partmgr.sys - Ok
c:\windows\system32\drivers\volsnap.sys - Ok
c:\windows\system32\drivers\cpqarray.sys - Ok
c:\windows\system32\drivers\scsiport.sys - Ok
c:\windows\system32\drivers\atapi.sys - Ok
c:\windows\system32\drivers\aha154x.sys - Ok
c:\windows\system32\drivers\sparrow.sys - Ok
c:\windows\system32\drivers\symc810.sys - Ok
c:\windows\system32\drivers\aic78xx.sys - Ok
c:\windows\system32\drivers\dac960nt.sys - Ok
c:\windows\system32\drivers\ql10wnt.sys - Ok
c:\windows\system32\drivers\amsint.sys - Ok
c:\windows\system32\drivers\asc.sys - Ok
c:\windows\system32\drivers\asc3550.sys - Ok
c:\windows\system32\drivers\mraid35x.sys - Ok
c:\windows\system32\drivers\i2omp.sys - Ok
c:\windows\system32\drivers\ini910u.sys - Ok
c:\windows\system32\drivers\ql1240.sys - Ok
c:\windows\system32\drivers\aic78u2.sys - Ok
c:\windows\system32\drivers\symc8xx.sys - Ok
c:\windows\system32\drivers\sym_hi.sys - Ok
c:\windows\system32\drivers\sym_u3.sys - Ok
c:\windows\system32\drivers\abp480n5.sys - Ok
c:\windows\system32\drivers\asc3350p.sys - Ok
c:\windows\system32\drivers\cd20xrnt.sys - Ok
c:\windows\system32\drivers\ultra.sys - Ok
c:\windows\system32\drivers\adpu160m.sys - Ok
c:\windows\system32\drivers\dpti2o.sys - Ok
c:\windows\system32\drivers\ql1080.sys - Ok
c:\windows\system32\drivers\ql1280.sys - Ok
c:\windows\system32\drivers\ql12160.sys - Ok
c:\windows\system32\drivers\perc2.sys - Ok
c:\windows\system32\drivers\perc2hib.sys - Ok
c:\windows\system32\drivers\hpn.sys - Ok
c:\windows\system32\drivers\cbidf2k.sys - Ok
c:\windows\system32\drivers\dac2w2k.sys - Ok
c:\windows\system32\drivers\disk.sys - Ok
c:\windows\system32\drivers\classpnp.sys - Ok
c:\windows\system32\drivers\fltmgr.sys - Ok
c:\windows\system32\drivers\sr.sys - Ok
c:\windows\system32\drivers\pxhelp20.sys - Ok
c:\windows\system32\drivers\ksecdd.sys - Ok
c:\windows\system32\drivers\ntfs.sys - Ok
c:\windows\system32\drivers\ndis.sys - Ok
c:\windows\system32\drivers\sisagp.sys - Ok
c:\windows\system32\drivers\viaagp.sys - Ok
c:\windows\system32\drivers\mup.sys - Ok
c:\windows\system32\drivers\alim1541.sys - Ok
c:\windows\system32\drivers\amdagp.sys - Ok
c:\windows\system32\drivers\agp440.sys - Ok
c:\windows\system32\drivers\agpcpq.sys - Ok
c:\windows\system32\drivers\intelppm.sys - Ok
c:\windows\system32\drivers\igxpmp32.sys - Ok
c:\windows\system32\drivers\videoprt.sys - Ok
c:\windows\system32\drivers\hdaudbus.sys - Ok
c:\windows\system32\drivers\usbuhci.sys - Ok
c:\windows\system32\drivers\usbport.sys - Ok
c:\windows\system32\drivers\usbehci.sys - Ok
c:\windows\system32\drivers\hsfhwbs2.sys - Ok
c:\windows\system32\drivers\ks.sys - Ok
c:\windows\system32\drivers\hsf_dpv.sys - file not found
c:\windows\system32\drivers\hsf_cnxt.sys - file not found
c:\windows\system32\drivers\modem.sys - file not found
c:\windows\system32\drivers\rtl8139.sys - file not found
c:\windows\system32\drivers\serial.sys - file not found
c:\windows\system32\drivers\serenum.sys - file not found
c:\windows\system32\drivers\parport.sys - file not found
c:\windows\system32\drivers\i8042prt.sys - file not found
c:\windows\system32\drivers\kbdclass.sys - file not found
c:\windows\system32\drivers\imapi.sys - file not found
c:\windows\system32\drivers\cdrom.sys - file not found
c:\windows\system32\drivers\redbook.sys - file not found
c:\windows\system32\drivers\audstub.sys - file not found
c:\windows\system32\drivers\rasl2tp.sys - file not found
c:\windows\system32\drivers\ndistapi.sys - file not found
c:\windows\system32\drivers\ndiswan.sys - file not found
c:\windows\system32\drivers\raspppoe.sys - file not found
c:\windows\system32\drivers\raspptp.sys - file not found
c:\windows\system32\drivers\tdi.sys - file not found
c:\windows\system32\drivers\psched.sys - file not found
c:\windows\system32\drivers\msgpc.sys - file not found
c:\windows\system32\drivers\ptilink.sys - file not found
c:\windows\system32\drivers\raspti.sys - file not found
c:\windows\system32\drivers\termdd.sys - file not found
c:\windows\system32\drivers\mouclass.sys - file not found
c:\windows\system32\drivers\swenum.sys - file not found
c:\windows\system32\drivers\update.sys - file not found
c:\windows\system32\drivers\mssmbios.sys - file not found
c:\windows\system32\drivers\ndproxy.sys - file not found
c:\windows\system32\drivers\rtkhdaud.sys - file not found

Will copy the rest and try to upload as attachment


----------



## Sboutte (Jul 2, 2012)

3 logs attached.


----------



## kevinf80 (Mar 21, 2006)

The log is not complete, the end will give a description of files found, infected number etc...etc


----------



## Sboutte (Jul 2, 2012)

Shortcuts\DriverCure Installer.exe\DriverCureHelp.chm\dhtml_popup.js is JS-HTML container
>>C:\Documents and Settings\Owner\My Documents\Unused Desktop Shortcuts\DriverCure Installer.exe\ParetoLogicUpdate.chm is CHM container
>>>C:\Documents and Settings\Owner\My Documents\Unused Desktop Shortcuts\DriverCure Installer.exe\ParetoLogicUpdate.chm\191.htm is JS-HTML container
>>>C:\Documents and Settings\Owner\My Documents\Unused Desktop Shortcuts\DriverCure Installer.exe\ParetoLogicUpdate.chm\dhtml_popup.js is JS-HTML container
C:\Documents and Settings\Owner\My Documents\Unused Desktop Shortcuts\DriverCure Installer.exe - container

Total 13960932553 bytes in 10583 files scanned (50125 objects)
Total 10560 files (50095 objects) are clean
Total 3 files are infected
Total 2 files are suspicious
Total 21 files are raised error condition
Scan time is 00:58:50.203


----------



## kevinf80 (Mar 21, 2006)

Continue please:

Read the following link before we continue and run Combofix:

*ComboFix usage, Questions, Help? - Look here*

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Sboutte (Jul 2, 2012)

ComboFix 14-04-06.01 - Owner 04/06/2014 19:21:23.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1545 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Laflurla_iels
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\58e902dae14a6c1a.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-06 15:50 . 2014-04-06 18:49	--------	d-----w-	c:\documents and settings\Owner\Doctor Web
2014-04-06 01:32 . 2014-04-06 01:32	--------	d-----w-	C:\_OTM
2014-04-05 12:01 . 2014-04-05 12:01	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2014-04-05 11:35 . 2014-04-05 11:35	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\ESET
2014-04-05 10:32 . 2014-04-05 10:32	--------	d-----w-	c:\program files\ESET
2014-04-05 10:32 . 2014-04-05 10:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2014-04-04 17:07 . 2014-04-04 17:07	--------	d-----w-	c:\windows\ERUNT
2014-04-03 15:27 . 2014-04-03 16:10	--------	d-----w-	C:\AdwCleaner
2014-03-31 15:05 . 2014-03-31 15:05	55232	----a-w-	c:\windows\system32\drivers\tStLibG.sys
2014-03-31 14:21 . 2014-03-31 14:25	--------	d-----w-	c:\documents and settings\Owner\Application Data\FreeFileViewer
2014-03-31 13:46 . 2014-03-31 13:46	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\FreeFileViewer
2014-03-31 13:43 . 2014-03-31 13:43	--------	d-----w-	c:\program files\FreeFileViewer
2014-03-30 20:15 . 2014-03-30 20:15	--------	d-----w-	c:\documents and settings\Owner\Application Data\rmi
2014-03-30 19:05 . 2014-03-30 20:21	--------	d-----w-	c:\documents and settings\Owner\Application Data\ImgBurn
2014-03-30 18:57 . 2014-03-30 18:57	--------	d-----w-	c:\program files\ImgBurn
2014-03-30 17:20 . 2014-03-31 03:15	--------	d-----w-	c:\program files\Alex Feinman
2014-03-25 10:01 . 2014-03-25 10:01	--------	d-----w-	c:\documents and settings\Owner\.swt
2014-03-25 09:57 . 2014-03-25 11:27	--------	d-----w-	c:\documents and settings\Owner\Application Data\Azureus
2014-03-22 18:33 . 2014-03-22 18:33	--------	d-----w-	C:\DECCHECK
2014-03-20 18:02 . 2014-03-20 18:02	--------	d-----w-	c:\windows\Performance
2014-03-20 18:02 . 2014-03-20 18:02	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-03-20 15:35 . 2014-03-20 15:39	--------	d-----w-	c:\documents and settings\Owner\Application Data\dvdcss
2014-03-20 15:33 . 2014-03-25 09:01	--------	d-----w-	c:\documents and settings\Owner\Application Data\vlc
2014-03-20 15:24 . 2014-03-20 15:24	--------	d-----w-	c:\program files\VideoLAN
2014-03-10 15:28 . 2014-02-26 01:59	13312	-c----w-	c:\windows\system32\dllcache\xp_eos.exe
2014-03-10 15:28 . 2014-02-26 01:59	13312	------w-	c:\windows\system32\xp_eos.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 17:31 . 2013-08-12 14:30	13464	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-03-21 16:45 . 2014-02-24 23:57	42272	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 17:18 . 2012-03-30 13:32	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-12 17:18 . 2011-05-15 03:36	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2006-05-07 00:24	920064	----a-w-	c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-05-07 00:24	43520	------w-	c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-05-07 00:24	1469440	------w-	c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2006-05-07 00:24	18944	----a-w-	c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2006-05-07 00:24	385024	------w-	c:\windows\system32\html.iec
2014-02-07 02:01 . 2006-05-07 00:24	1879040	----a-w-	c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-05-07 00:24	562688	----a-w-	c:\windows\system32\qedit.dll
2014-01-26 23:53 . 2014-01-26 23:52	355315	----a-w-	c:\windows\system32\Coreinfo.zip
2014-01-19 07:32 . 2010-11-08 11:42	231584	------w-	c:\windows\system32\MpSigStub.exe
2011-01-17 17:35 . 2011-01-17 17:35	1008936	-c--a-w-	c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04 . 2010-12-17 21:03	38147376	-c--a-w-	c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 05:13	114688	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-06 05:11	98304	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 17:12	288080	----a-w-	c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 05:10	94208	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36	14854144	----a-w-	c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-07-06 02:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/24/2014 6:57 PM 42272]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 3:17 PM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/17/2013 3:17 PM 118768]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [3/31/2014 10:05 AM 55232]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 3:29 AM 418376]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2012 10:18 AM 22856]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/12/2010 10:07 PM 266240]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2012 10:18 AM 701512]
S2 Util Laflurla;Util Laflurla;"c:\program files\Laflurla\bin\utilLaflurla.exe" --> c:\program files\Laflurla\bin\utilLaflurla.exe [?]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/12/2013 9:30 AM 13464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-19 14:07	1150280	----a-w-	c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:19]
.
2014-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-04-07 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2014-04-07 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2014-04-07 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2014-03-31 22:24]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2014-04-07 c:\windows\Tasks\Install Toolbar.job
- c:\program files\DriverUpdate\install_toolbar.bat [2013-08-12 14:30]
.
2013-08-12 c:\windows\Tasks\Install Toolbar2.job
- c:\program files\DriverUpdate\avgtoolbar.exe [2013-08-12 23:44]
.
2014-04-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-03-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-04-06 c:\windows\Tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-Trusted Software Assistant_is1 - c:\program files\File Type Assistant\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-06 19:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-06 19:35:21
ComboFix-quarantined-files.txt 2014-04-07 00:35
.
Pre-Run: 36,710,514,688 bytes free
Post-Run: 37,332,905,984 bytes free
.
- - End Of File - - BBA3F2DB38C1EEC534840EB67C4561E5
985AD624FD084BEB528ABB11E03ABA6F


----------



## Sboutte (Jul 2, 2012)

Should I delete the Combofix Icon from desktop?


----------



## kevinf80 (Mar 21, 2006)

Leave the CF icon where it is, if you remove that we will have difficulty uninstalling Combofix later...

I can see that there are two Antivirus programs installed Nod 32 by Eset and Microsoft Security Essentials. That is counterproductive, I advise you should remove MSE at your earliest convenience.

Removal tool for MSE available here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

Next,

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
File::
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\Tasks\Install Toolbar2.job
c:\program files\DriverUpdate\avgtoolbar.exe
Folder::
c:\program files\DriverUpdate
Driver::
avgtp
ClearJavaCache::
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,

Turn on your security program "Nod32" and run a full scan.

Let me see the log from Combofix, also let me know the results of the AV scan...

Kevin


----------



## Sboutte (Jul 2, 2012)

ComboFix 14-04-06.01 - Owner 04/07/2014 11:20:56.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1282 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\program files\DriverUpdate\avgtoolbar.exe"
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\Tasks\Install Toolbar2.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DriverUpdate
c:\program files\DriverUpdate\avgtoolbar.exe
c:\program files\DriverUpdate\install_toolbar.bat
.
.
((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 15:35 . 2014-04-07 15:35	1560	----a-w-	C:\FixitRegBackup.reg
2014-04-06 15:50 . 2014-04-06 18:49	--------	d-----w-	c:\documents and settings\Owner\Doctor Web
2014-04-06 01:32 . 2014-04-06 01:32	--------	d-----w-	C:\_OTM
2014-04-05 12:01 . 2014-04-05 12:01	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2014-04-05 11:35 . 2014-04-05 11:35	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\ESET
2014-04-05 10:32 . 2014-04-05 10:32	--------	d-----w-	c:\program files\ESET
2014-04-05 10:32 . 2014-04-05 10:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2014-04-04 17:07 . 2014-04-04 17:07	--------	d-----w-	c:\windows\ERUNT
2014-04-03 15:27 . 2014-04-03 16:10	--------	d-----w-	C:\AdwCleaner
2014-03-31 15:05 . 2014-03-31 15:05	55232	----a-w-	c:\windows\system32\drivers\tStLibG.sys
2014-03-31 14:21 . 2014-03-31 14:25	--------	d-----w-	c:\documents and settings\Owner\Application Data\FreeFileViewer
2014-03-31 13:46 . 2014-03-31 13:46	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\FreeFileViewer
2014-03-31 13:43 . 2014-03-31 13:43	--------	d-----w-	c:\program files\FreeFileViewer
2014-03-30 20:15 . 2014-03-30 20:15	--------	d-----w-	c:\documents and settings\Owner\Application Data\rmi
2014-03-30 19:05 . 2014-03-30 20:21	--------	d-----w-	c:\documents and settings\Owner\Application Data\ImgBurn
2014-03-30 18:57 . 2014-03-30 18:57	--------	d-----w-	c:\program files\ImgBurn
2014-03-30 17:20 . 2014-03-31 03:15	--------	d-----w-	c:\program files\Alex Feinman
2014-03-25 10:01 . 2014-03-25 10:01	--------	d-----w-	c:\documents and settings\Owner\.swt
2014-03-25 09:57 . 2014-03-25 11:27	--------	d-----w-	c:\documents and settings\Owner\Application Data\Azureus
2014-03-22 18:33 . 2014-03-22 18:33	--------	d-----w-	C:\DECCHECK
2014-03-20 18:02 . 2014-03-20 18:02	--------	d-----w-	c:\windows\Performance
2014-03-20 18:02 . 2014-03-20 18:02	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-03-20 15:35 . 2014-03-20 15:39	--------	d-----w-	c:\documents and settings\Owner\Application Data\dvdcss
2014-03-20 15:33 . 2014-03-25 09:01	--------	d-----w-	c:\documents and settings\Owner\Application Data\vlc
2014-03-20 15:24 . 2014-03-20 15:24	--------	d-----w-	c:\program files\VideoLAN
2014-03-10 15:28 . 2014-02-26 01:59	13312	-c----w-	c:\windows\system32\dllcache\xp_eos.exe
2014-03-10 15:28 . 2014-02-26 01:59	13312	------w-	c:\windows\system32\xp_eos.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-06 17:31 . 2013-08-12 14:30	13464	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-03-21 16:45 . 2014-02-24 23:57	42272	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2014-03-12 17:18 . 2012-03-30 13:32	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-12 17:18 . 2011-05-15 03:36	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2006-05-07 00:24	920064	----a-w-	c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-05-07 00:24	43520	------w-	c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-05-07 00:24	1469440	------w-	c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2006-05-07 00:24	18944	----a-w-	c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2006-05-07 00:24	385024	------w-	c:\windows\system32\html.iec
2014-02-07 02:01 . 2006-05-07 00:24	1879040	----a-w-	c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-05-07 00:24	562688	----a-w-	c:\windows\system32\qedit.dll
2014-01-26 23:53 . 2014-01-26 23:52	355315	----a-w-	c:\windows\system32\Coreinfo.zip
2014-01-19 07:32 . 2010-11-08 11:42	231584	------w-	c:\windows\system32\MpSigStub.exe
2011-01-17 17:35 . 2011-01-17 17:35	1008936	-c--a-w-	c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04 . 2010-12-17 21:03	38147376	-c--a-w-	c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 05:13	114688	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-06 05:11	98304	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 17:12	288080	----a-w-	c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 05:10	94208	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36	14854144	----a-w-	c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-07-06 02:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/24/2014 6:57 PM 42272]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 3:17 PM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/17/2013 3:17 PM 118768]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [3/31/2014 10:05 AM 55232]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 3:29 AM 418376]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2012 10:18 AM 22856]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/12/2010 10:07 PM 266240]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2012 10:18 AM 701512]
S2 Util Laflurla;Util Laflurla;"c:\program files\Laflurla\bin\utilLaflurla.exe" --> c:\program files\Laflurla\bin\utilLaflurla.exe [?]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/12/2013 9:30 AM 13464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-19 14:07	1150280	----a-w-	c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:19]
.
2014-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-04-07 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2014-04-07 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2014-04-07 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2014-03-31 22:24]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2014-04-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-03-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-04-07 c:\windows\Tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-07 11:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-07 11:29:21
ComboFix-quarantined-files.txt 2014-04-07 16:29
ComboFix2.txt 2014-04-07 15:55
ComboFix3.txt 2014-04-07 00:35
.
Pre-Run: 37,260,697,600 bytes free
Post-Run: 37,243,801,600 bytes free
.
- - End Of File - - F0D0A7E72A38A29E829B2136E5F75BC2
985AD624FD084BEB528ABB11E03ABA6F
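
One way to check a follow-up ComboFix log against the CFScript that was run, so that targets still referenced after the run stand out. This is an added example, not part of the thread and not ComboFix's own code; the script and log excerpts are constructed samples modelled on the ones posted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the CFScript posted in this thread.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\Tasks\Install Toolbar2.job
c:\program files\DriverUpdate\avgtoolbar.exe
Folder::
c:\program files\DriverUpdate
Driver::
avgtp
ClearJavaCache::
"""

# Constructed sample: a heavily abridged follow-up log modelled on the thread's log.
FOLLOWUP_LOG = r"""ComboFix 14-04-06.01 - Owner 04/07/2014 11:20:56.6.1 - x86
FILE ::
"c:\program files\DriverUpdate\avgtoolbar.exe"
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\Tasks\Install Toolbar2.job"
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\DriverUpdate
c:\program files\DriverUpdate\avgtoolbar.exe
c:\program files\DriverUpdate\install_toolbar.bat
.
((((((((((((((( Find3M Report )))))))))))))))
.
2014-04-06 17:31 . 2013-08-12 14:30 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-21 16:45 . 2014-02-24 23:57 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/24/2014 6:57 PM 42272]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 3:17 PM 134248]
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")    # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # e.g. "((( Find3M Report )))"
SERVICE = re.compile(r"^[RS]\d\s+([^;]+);")      # e.g. "R1 avgtp;avgtp;c:\..."
PLAIN_HEADERS = {"file ::": "script echo",
                 "contents of the 'scheduled tasks' folder": "Scheduled Tasks"}
# Sections that repeat the script or record the deletion itself are not
# evidence that a target survived the run.
IGNORED = {"script echo", "Other Deletions"}


def parse_cfscript(text):
    """Return {directive: [lower-cased entries]} for a CFScript."""
    targets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            targets.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any directive: %r" % line)
        else:
            targets[current].append(line.strip('"').lower())
    return targets


def split_sections(log):
    """Group log lines under the banner or plain header that precedes them."""
    sections, name = {}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        m = BANNER.match(line)
        if m:
            name = m.group(1)
        elif line.lower() in PLAIN_HEADERS:
            name = PLAIN_HEADERS[line.lower()]
        else:
            sections.setdefault(name, []).append(line)
            continue
        sections.setdefault(name, [])
    return sections


def service_names(lines):
    """Lower-cased service/driver names from 'R1 name;display;path' lines."""
    return {m.group(1).lower() for m in map(SERVICE.match, lines) if m}


def verify_removal(script, log):
    """For each script target: was it logged as deleted, and where is it still listed?"""
    targets, sections = parse_cfscript(script), split_sections(log)
    live = {n: ls for n, ls in sections.items() if n not in IGNORED}
    deleted = {l.lower() for l in sections.get("Other Deletions", [])}
    report = {}
    for kind in ("file", "folder"):
        for path in targets.get(kind, []):
            seen = [n for n, ls in live.items() if any(path in l.lower() for l in ls)]
            report[path] = {"kind": kind, "logged_deleted": path in deleted, "still_in": seen}
    for drv in targets.get("driver", []):
        seen = [n for n, ls in live.items() if drv in service_names(ls)]
        report[drv] = {"kind": "driver", "logged_deleted": False, "still_in": seen}
    return report


def leftovers(report):
    """Targets that the follow-up log still references somewhere."""
    return sorted(t for t, r in report.items() if r["still_in"])


if __name__ == "__main__":
    for target, result in verify_removal(CFSCRIPT, FOLLOWUP_LOG).items():
        print(target, result)
```
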


----------



## kevinf80 (Mar 21, 2006)

Did you uninstall Microsoft Security Essentials? Did you run a scan with Nod32?


----------



## Sboutte (Jul 2, 2012)

I did uninstall MSE but I have been running MyPC Backup and haven't had the chance to run ESET Nodu. Will stop the backup and run that scan now.

Sharron


----------



## kevinf80 (Mar 21, 2006)

MSE still shows in the last CF log? Was the uninstall before or after you ran Combofix?


----------



## Sboutte (Jul 2, 2012)

kevinf80 said:


> MSE still shows in the last CF log? Was the uninstall before or after you ran Combofix?


I believe it was after Combofix. Here is the log from nodu.

4/7/2014 3:19:02 PM	Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\	347576	2	2	Completed
4/5/2014 12:01:46 PM	Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\	180289	4	2	Completed
4/5/2014 6:57:51 AM	Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\	384956	40	38	Completed
4/5/2014 6:38:49 AM	C:\	236340	33	4	Completed
4/5/2014 5:53:53 AM	C:\	6661	5	0	Interrupted by user
4/5/2014 5:38:58 AM	Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\	0	0	0	Scanning in progress

There were a couple of threats from bu in 2009 I deleted them, that was one of the choices...what is filtering?

Is it ok to just delete that old backup?


----------



## kevinf80 (Mar 21, 2006)

Yes delete old back ups after you create a new Back up. What is the current status of your system, any remaining issues or concerns..

What do you mean by filtering, are you referring to your AV program or something else?


----------



## Sboutte (Jul 2, 2012)

I've seen it several times recently. For the life of me I cannot remember which program. If I see it again I'll ask again. I got the feeling that it wanted to know if I wanted to filter the list of programs I did not want to keep. My PC bu is still running. Have I sent you all the logs you requested? I need to restart my computer and check it out to see how it is running. It seems to be hung up on a few things.

Thanks

Sharron


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, do you have any issues with your system, is it still slow?

Windows XP includes the Desktop Cleanup Wizard, which keeps track of your usage of the icons on your desktop; it will periodically offer to remove the icons you may not have recently used. Is that what you refer to about "filtering"?


----------



## Sboutte (Jul 2, 2012)

The filtering button came up during backup using MYPCBackup


----------



## Sboutte (Jul 2, 2012)

seems better now. Now just worried about XP and the lack of support. I tried to get Linux installed with no luck


----------



## Sboutte (Jul 2, 2012)

Is there an easy way to unload all the programs we used? Do I have to Add/Remove?


----------



## kevinf80 (Mar 21, 2006)

To clean up do the following:

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Next,

Download *"Delfix by Xplode"* and save it to your desktop.

*"Delfix link mirror"*

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


 Remove disinfection tools
 Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed.

Let me know if those steps complete OK, also if any remaining issues or concerns.

Regarding XP finishing, have a read here: http://www.cnet.com/uk/news/microsoft-to-windows-xp-users-the-jig-is-up/

Kevin


----------



## Sboutte (Jul 2, 2012)

Error msg - Windows cannot find Combofix/Uninstall


----------



## Sboutte (Jul 2, 2012)

Got it uninstalled, didn't notice the space before the /.


----------



## Sboutte (Jul 2, 2012)

# DelFix v10.6 - Logfile created 09/04/2014 at 18:20:05
# Updated 11/11/2013 by Xplode
# Username : Owner - YOUR-3DC5C40E2A
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTM
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\Documents and Settings\Owner\Desktop\Combofix log.txt
Deleted : C:\Documents and Settings\Owner\Desktop\info on xp.txt
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\Addition.txt
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\Extras.Txt
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\Fixlog.txt
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\FRST (1).exe
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\FRST.exe
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\FRST.txt
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\JRT (1).exe
Deleted : C:\Documents and Settings\Owner\My Documents\Downloads\JRT.exe
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Resetting system settings ... OK

########## - EOF - ##########

I hope this is the entire log. Now I suppose I run the other link? Coreinfo is still on the desktop.


----------



## kevinf80 (Mar 21, 2006)

The other link in Delfix instruction is only a second address mirror in case the first one fails...

Coreinfo is still on the desktop. Not sure what that refers to, if not needed just delete it.

What is your current status, any remaining issues or concerns?


----------



## Sboutte (Jul 2, 2012)

For some reason it is not running as fast as it first did when I downloaded Chrome. Also there is another toolbar which comes up at times. Not always but occasionally. Ask is one of them but there is another and that really slows it down. I had to go today to see my daughter in the hospital but I will check it out more tonight and let you know.

Thanks!

Sharron


----------



## kevinf80 (Mar 21, 2006)

Hiya Sharron,

Run the following, let's see if we can identify any unwanted toolbars etc...


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.

Kevin...


----------



## Sboutte (Jul 2, 2012)

OTL logfile created on: 4/13/2014 5:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.25% Memory free
2.58 Gb Paging File | 1.84 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 46.34 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.71 Gb Free Space | 40.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-3DC5C40E2A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/13 17:12:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/03/30 10:08:17 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/14 09:17:00 | 002,901,032 | ---- | M] (MyPCBackup.com) -- C:\Program Files\MyPC Backup\MyPC Backup.exe
PRC - [2014/03/14 09:17:00 | 000,036,392 | ---- | M] (Just Develop It) -- C:\Program Files\MyPC Backup\BackupStack.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2010/06/13 23:47:48 | 000,296,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\YspService.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/14 09:06:56 | 000,012,288 | ---- | M] () -- C:\Program Files\MyPC Backup\GetText.dll
MOD - [2014/03/14 09:00:18 | 000,904,704 | ---- | M] () -- C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
MOD - [2014/03/14 09:00:18 | 000,052,736 | ---- | M] () -- C:\Program Files\MyPC Backup\Crypto32.dll
MOD - [2014/03/14 09:00:18 | 000,048,128 | ---- | M] () -- C:\Program Files\MyPC Backup\diffstack.dll
MOD - [2014/02/12 05:13:09 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/12 05:12:54 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/12 05:12:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 05:12:38 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/12 05:12:22 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 04:50:57 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2014/02/12 04:50:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/12 04:50:50 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2014/02/12 04:50:41 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014/02/12 04:50:38 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2014/02/12 04:50:37 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/12 04:50:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/12 04:50:31 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2014/02/12 04:50:22 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2014/02/12 04:50:12 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2014/02/12 04:50:00 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2014/02/12 04:43:00 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\276e1fc8b4f195925982f516b26defcd\System.Security.ni.dll
MOD - [2014/02/12 04:38:38 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 04:28:28 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\06b454361516e65eca55a743cd93cefc\Accessibility.ni.dll
MOD - [2014/02/12 04:22:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 04:22:30 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:22:08 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/12 04:21:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/12 04:12:13 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 04:11:04 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Laflurla\bin\utilLaflurla.exe -- (Util Laflurla)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/14 09:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/03/12 12:19:03 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/07 14:34:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/04/06 12:31:20 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/03/31 10:05:25 | 000,055,232 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tStLibG.sys -- (tStLibG)
DRV - [2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/17 07:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 07:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/07/18 17:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 17:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 17:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/02/27 08:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 21:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 1F E5 EF FF 45 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2F4A34E0-1D17-4050-B49B-46263DEAE6B1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F4A34E0-1D17-4050-B49B-46263DEAE6B1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/04/05 05:32:21 | 000,000,000 | ---D | M]

[2012/03/18 19:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.mysearchdial.com/?f=1&...GyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FromDocToPDF = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\8.22.3.43040_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/04/07 11:26:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 19:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/13 17:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/13 12:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Macromed
[2014/04/13 06:59:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/04/07 12:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup
[2014/04/07 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/04/06 10:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Doctor Web
[2014/04/05 07:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2014/04/05 06:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014/04/04 12:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/31 10:05:23 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/31 09:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FreeFileViewer
[2014/03/31 08:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FreeFileViewer
[2014/03/31 08:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2014/03/31 08:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2014/03/30 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rmi
[2014/03/30 14:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2014/03/30 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2014/03/30 13:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/03/30 12:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2014/03/25 05:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.swt
[2014/03/25 04:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2014/03/25 03:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2014/03/22 13:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media
[2014/03/22 13:33:00 | 000,000,000 | ---D | C] -- C:\DECCHECK
[2014/03/20 13:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2014/03/20 13:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2014/03/20 10:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2014/03/20 10:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2014/03/20 10:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/17 16:03:55 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2014/04/13 17:18:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/13 17:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/13 17:12:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/13 17:09:04 | 000,001,995 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sharron Boutte - Chrome.lnk
[2014/04/13 16:59:31 | 005,316,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2014/04/13 15:05:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2014/04/13 11:58:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
[2014/04/13 10:14:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/13 08:44:27 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/04/12 17:02:09 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2014/04/12 17:00:30 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/12 17:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/11 17:08:12 | 000,024,944 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2014/04/11 14:28:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/09 17:41:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 03:03:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 18:34:14 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/07 12:46:28 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sync Folder.lnk
[2014/04/07 12:28:32 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MyPC Backup.lnk
[2014/04/07 12:28:32 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/07 12:27:50 | 010,372,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2014/04/07 11:26:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/04/07 10:35:21 | 000,001,560 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/04/06 12:31:20 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/04/06 10:46:02 | 145,763,488 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2014/04/05 05:26:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/31 11:14:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/31 10:05:25 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/31 08:43:41 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/31 08:29:25 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2014/03/30 14:09:50 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/03/30 12:37:14 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
[2014/03/30 12:35:46 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
[2014/03/29 08:31:21 | 000,624,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/29 08:31:21 | 000,128,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/28 11:57:41 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2014/03/28 11:57:41 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2014/03/25 07:50:12 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/21 23:33:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/20 08:46:25 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps

========== Files Created - No Company Name ==========

[2014/04/08 20:29:32 | 000,001,995 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sharron Boutte - Chrome.lnk
[2014/04/07 12:46:28 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sync Folder.lnk
[2014/04/07 12:28:32 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MyPC Backup.lnk
[2014/04/07 12:28:32 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/07 12:27:21 | 010,372,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2014/04/07 10:35:20 | 000,001,560 | ---- | C] () -- C:\FixitRegBackup.reg
[2014/04/06 10:36:22 | 145,763,488 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2014/03/31 08:44:04 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/03/31 08:43:41 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/31 08:29:25 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2014/03/30 13:57:32 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/03/30 12:37:14 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
[2014/03/30 12:35:46 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
[2014/03/20 08:46:24 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps
[2014/02/14 21:44:26 | 000,141,119 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2014/02/14 21:44:25 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2013/08/12 09:30:35 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/09/01 20:51:40 | 000,148,934 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2951212231-3065092772-446880446-1003-0.dat
[2012/09/01 13:22:25 | 000,148,934 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/06 17:53:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/07/16 12:08:30 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 12:25:49 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Owner\USB
[2011/03/26 06:37:23 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/01/17 12:35:33 | 001,008,936 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe
[2009/12/08 12:24:10 | 000,024,944 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2006/05/06 19:44:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/24 18:54:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/05 05:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/10/20 00:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/03/18 19:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fixie
[2010/10/29 05:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2010/01/25 03:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/03/17 20:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2012/03/17 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/11/22 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/08/15 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2014/01/30 23:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/19 22:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2012/05/31 23:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/17 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2014/03/25 06:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2012/07/02 17:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2010/03/30 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2013/07/24 13:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Elephant Games
[2011/11/09 23:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/01/08 00:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Esoteric Technologies
[2012/03/18 19:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fixie
[2014/03/31 09:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeFileViewer
[2014/03/30 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/12/08 16:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Individual Software
[2010/04/20 07:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2012/07/17 18:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/01/30 22:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/12/08 00:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2011/11/22 00:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
[2014/03/30 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rmi
[2009/12/07 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/02/01 17:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
[2010/03/08 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/12/07 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2012/04/03 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/07/02 17:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========

< End of report >


----------



## Sboutte (Jul 2, 2012)

OTL Extras logfile created on: 4/13/2014 5:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.25% Memory free
2.58 Gb Paging File | 1.84 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 46.34 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.71 Gb Free Space | 40.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-3DC5C40E2A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}" = ESET NOD32 Antivirus
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42AABEF1-60DB-44D8-9D12-D618E9F6964D}" = Solar Fire Gold
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EF9779-AE54-443A-80D7-DACFC70CD917}" = Boatload of Crosswords
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F3F12856-3454-4E4C-BAE5-B9CC8EA33E93}" = Solar Spark v2.2
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BFG-Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"BFGC" = Big Fish: Game Manager
"BFG-Risk" = Risk
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"FreeFileViewer_is1" = Free File Viewer 2014
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2008b" = Microsoft Money Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPC Backup" = MyPC Backup 
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Speccy" = Speccy
"VLC media player" = VLC media player 2.1.3
"WIC" = Windows Imaging Component
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT083767" = Three Cards to Midnight
"WT085355" = Passport to Paradise
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2014 12:05:04 AM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/10/2014 12:05:04 AM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/10/2014 12:02:46 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/10/2014 12:02:47 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/11/2014 3:27:10 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/11/2014 3:27:11 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/12/2014 5:57:36 PM | Computer Name = YOUR-3DC5C40E2A | Source = Application Hang | ID = 1002
Description = Hanging application MyPC Backup.exe, version 1.0.0.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2014 5:57:58 PM | Computer Name = YOUR-3DC5C40E2A | Source = Application Hang | ID = 1001
Description = Fault bucket -1624095620.

Error - 4/12/2014 6:02:06 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/12/2014 6:02:06 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

[ System Events ]
Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:09 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

< End of report >

I went into my old backup today and cleared a little over 5 GB; a few things wouldn't let me delete or uninstall them. I'm also having problems with popups when I first open Google. Can't find popup blocker. I didn't use to have these problems with Google, don't know what happened!


----------



## kevinf80 (Mar 21, 2006)

Hello Sharron,

I've just realized you have a program named "My PC Backup" running on your system. It would seem it has a dubious history and really should be removed from your system.
Read this link: http://forums.spybot.info/showthread.php?68811-Manual-Removal-Guide-for-myPCBackup and tell me what you think.
If you are of the same opinion as me, uninstall that program via "Add/Remove Programs"; when that completes, re-run OTL and post a fresh log...

Kevin.....


----------



## Sboutte (Jul 2, 2012)

OTL logfile created on: 4/14/2014 9:46:32 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.87% Memory free
2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 46.71 Gb Free Space | 66.49% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.71 Gb Free Space | 40.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-3DC5C40E2A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- 
PRC - [2014/04/13 17:12:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/03/30 10:08:17 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2010/06/13 23:47:48 | 000,296,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\YspService.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/14 09:00:18 | 000,904,704 | ---- | M] () -- C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
MOD - [2014/02/12 05:13:09 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/12 05:12:54 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/12 05:12:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 05:12:38 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/12 05:12:22 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 04:50:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/12 04:50:37 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/12 04:50:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/12 04:38:38 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 04:22:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 04:22:30 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:22:08 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/12 04:21:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/12 04:12:13 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 04:11:04 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Laflurla\bin\utilLaflurla.exe -- (Util Laflurla)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/12 12:19:03 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/07 14:34:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/04/06 12:31:20 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/03/31 10:05:25 | 000,055,232 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tStLibG.sys -- (tStLibG)
DRV - [2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/17 07:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 07:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/07/18 17:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 17:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 17:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/02/27 08:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 21:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 1F E5 EF FF 45 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2F4A34E0-1D17-4050-B49B-46263DEAE6B1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F4A34E0-1D17-4050-B49B-46263DEAE6B1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/04/05 05:32:21 | 000,000,000 | ---D | M]

[2012/03/18 19:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.mysearchdial.com/?f=1&...GyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FromDocToPDF = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\8.22.3.43040_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/04/07 11:26:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 19:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/13 17:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/13 12:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Macromed
[2014/04/13 06:59:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/04/07 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/04/06 10:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Doctor Web
[2014/04/05 07:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2014/04/05 06:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014/04/04 12:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/31 10:05:23 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/31 09:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FreeFileViewer
[2014/03/31 08:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FreeFileViewer
[2014/03/31 08:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2014/03/31 08:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2014/03/30 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rmi
[2014/03/30 14:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2014/03/30 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2014/03/30 13:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/03/30 12:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2014/03/25 05:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.swt
[2014/03/25 04:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2014/03/25 03:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2014/03/22 13:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media
[2014/03/22 13:33:00 | 000,000,000 | ---D | C] -- C:\DECCHECK
[2014/03/20 13:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2014/03/20 13:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2014/03/20 10:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2014/03/20 10:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2014/03/20 10:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/17 16:03:55 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2014/04/14 09:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/14 09:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/14 08:44:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/04/14 07:05:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2014/04/14 06:35:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
[2014/04/13 18:46:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2014/04/13 18:44:39 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/13 18:44:38 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/13 18:44:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/13 17:12:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/13 17:09:04 | 000,001,995 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sharron Boutte - Chrome.lnk
[2014/04/13 16:59:31 | 005,316,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2014/04/11 17:08:12 | 000,024,944 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2014/04/11 14:28:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/09 17:41:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 03:03:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 18:34:14 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/07 12:27:50 | 010,372,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2014/04/07 11:26:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/04/07 10:35:21 | 000,001,560 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/04/06 12:31:20 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/04/06 10:46:02 | 145,763,488 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2014/04/05 05:26:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/31 11:14:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/31 10:05:25 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/31 08:43:41 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/31 08:29:25 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2014/03/30 14:09:50 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/03/30 12:37:14 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
[2014/03/30 12:35:46 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
[2014/03/29 08:31:21 | 000,624,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/29 08:31:21 | 000,128,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/28 11:57:41 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2014/03/28 11:57:41 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2014/03/25 07:50:12 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/21 23:33:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/20 08:46:25 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps

========== Files Created - No Company Name ==========

[2014/04/08 20:29:32 | 000,001,995 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sharron Boutte - Chrome.lnk
[2014/04/07 12:27:21 | 010,372,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2014/04/07 10:35:20 | 000,001,560 | ---- | C] () -- C:\FixitRegBackup.reg
[2014/04/06 10:36:22 | 145,763,488 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2014/03/31 08:44:04 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/03/31 08:43:41 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/31 08:29:25 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2014/03/30 13:57:32 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/03/30 12:37:14 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
[2014/03/30 12:35:46 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
[2014/03/20 08:46:24 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps
[2014/02/14 21:44:26 | 000,141,119 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2014/02/14 21:44:25 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2013/08/12 09:30:35 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/09/01 20:51:40 | 000,148,934 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2951212231-3065092772-446880446-1003-0.dat
[2012/09/01 13:22:25 | 000,148,934 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/06 17:53:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/07/16 12:08:30 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 12:25:49 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Owner\USB
[2011/03/26 06:37:23 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/01/17 12:35:33 | 001,008,936 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe
[2009/12/08 12:24:10 | 000,024,944 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2006/05/06 19:44:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/24 18:54:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/05 05:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/10/20 00:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/03/18 19:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fixie
[2010/10/29 05:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2010/01/25 03:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/03/17 20:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2012/03/17 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/11/22 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/08/15 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2014/01/30 23:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/19 22:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2012/05/31 23:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/17 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2014/03/25 06:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2012/07/02 17:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2010/03/30 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2013/07/24 13:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Elephant Games
[2011/11/09 23:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/01/08 00:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Esoteric Technologies
[2012/03/18 19:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fixie
[2014/03/31 09:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeFileViewer
[2014/03/30 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/12/08 16:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Individual Software
[2010/04/20 07:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2012/07/17 18:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/01/30 22:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/12/08 00:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2011/11/22 00:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
[2014/03/30 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rmi
[2009/12/07 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/02/01 17:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
[2010/03/08 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/12/07 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2012/04/03 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/07/02 17:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========

< End of report >


----------



## Sboutte (Jul 2, 2012)

OTL Extras logfile created on: 4/13/2014 5:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.25% Memory free
2.58 Gb Paging File | 1.84 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 46.34 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.71 Gb Free Space | 40.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-3DC5C40E2A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}" = ESET NOD32 Antivirus
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42AABEF1-60DB-44D8-9D12-D618E9F6964D}" = Solar Fire Gold
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EF9779-AE54-443A-80D7-DACFC70CD917}" = Boatload of Crosswords
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F3F12856-3454-4E4C-BAE5-B9CC8EA33E93}" = Solar Spark v2.2
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BFG-Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"BFGC" = Big Fish: Game Manager
"BFG-Risk" = Risk
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"FreeFileViewer_is1" = Free File Viewer 2014
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2008b" = Microsoft Money Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPC Backup" = MyPC Backup 
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Speccy" = Speccy
"VLC media player" = VLC media player 2.1.3
"WIC" = Windows Imaging Component
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT083767" = Three Cards to Midnight
"WT085355" = Passport to Paradise
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2014 12:05:04 AM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/10/2014 12:05:04 AM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/10/2014 12:02:46 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/10/2014 12:02:47 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/11/2014 3:27:10 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/11/2014 3:27:11 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/12/2014 5:57:36 PM | Computer Name = YOUR-3DC5C40E2A | Source = Application Hang | ID = 1002
Description = Hanging application MyPC Backup.exe, version 1.0.0.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2014 5:57:58 PM | Computer Name = YOUR-3DC5C40E2A | Source = Application Hang | ID = 1001
Description = Fault bucket -1624095620.

Error - 4/12/2014 6:02:06 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/12/2014 6:02:06 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

[ System Events ]
Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:09 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

< End of report >


----------



## Sboutte (Jul 2, 2012)

Hi Kevin,

Yes, I did use PCBackup, so they have my PC backed up. I did as you suggested and uninstalled from Add/Remove before I ran OTL. Now, looking through the logs, I see there are still fragments of MYPC in some folders. I'm not going to do anything until I hear from you. However, they are charging my card $2.61 per month; how do I get rid of that charge? I guess that is up to me contacting them.

Later

Sharron


----------



## kevinf80 (Mar 21, 2006)

Re-Run by double left click, Vista and Windows 7 users accept UAC alert, if applicable.

Under the box at the bottom, paste in the following, start with and include the colon plus OTL. *:OTL*


```
:OTL
MOD - [2014/03/14 09:00:18 | 000,904,704 | ---- | M] () -- C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Laflurla\bin\utilLaflurla.exe -- (Util Laflurla)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
CHR - homepage: http://start.mysearchdial.com/?f=1&a...1296096663&ir=
[2014/04/07 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/04/07 12:27:21 | 010,372,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2012/03/17 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyPC Backup"=-
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[CREATERESTOREPOINT]
```

Then click button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Post that log, also let me know if there has been any improvement in your system...

Regarding cancellation of MyPCBackup:

This is a reply from MyPCBackup website:



> To cancel your account please email our cancellation team at *[email protected]* outlining the reasons for your cancellation and they will do their best to help you quickly and efficiently.


They also give a tel. no. list, not sure what the charge rate is so would be careful going down that road:

The telephone team is able to provide help with billing, unrecognized charges and renewal enquiries and you can call them on:

US - 1-888-851-0954
UK - 0844-445-7025
EU - 0044-844-445-7025
AU - 61-1-800-039-220
CA - 1-888-247-1610
International - 001-888-851-0954.

I would give this reason. My PC is beyond economical repair, I'm buying a new system that has its own backup facility included. I have already done personal backups of all I need to an external Hard drive so I no longer need your services....

I'd also contact your CC company and cancel that way if you have any issues.

If you prefer a reputable and very safe online back up service have a read at this link:

https://www.malwarebytes.org/securebackup/

They are not free so there will be charges, however they are very reputable and very reliable. One point of note though is the OS that you currently run (Windows XP) as the life span is more or less done, maybe time to upgrade your system.

Windows 7 or Windows 8/8.1 have their own back up systems.

I personally upgraded to Windows 8, then updated to 8.1. Regarding backups, I personally chose AX64 Time Machine, it has a lifetime license for about $35. It really is very simple to use and very reliable. http://www.ax64.com/

Kevin
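The fix script in this post lists service and driver rows from the OTL scan whose file is missing. As an added example (not part of the original post, not OldTimer's code, and not the helper's selection method), this sketch parses OTL `SRV`/`DRV` rows and flags the ones worth a second look; the flag names and the three triage rules are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Rows copied from the OTL "Services" and "Driver Services" sections posted in this thread.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Laflurla\bin\utilLaflurla.exe -- (Util Laflurla)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/04/06 12:31:20 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
"""

# One SRV/DRV row: either "File not found" or "[timestamp | size | attrs | M] (Company)",
# then "[state fields]", then "-- path -- (service name)". The path may be empty.
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>.*)\)$"
)

# Start types that load without user action (assumption: treat these as autostart).
AUTO_START = {"Auto", "Boot", "System"}


@dataclass
class Entry:
    kind: str       # "SRV" or "DRV"
    name: str       # service key name, from the trailing parentheses
    path: str       # image path as logged ("" when OTL printed none)
    company: str    # version-info company name ("" when blank or file missing)
    start: str      # Auto / On_Demand / System / Disabled ...
    status: str     # Running / Stopped
    missing: bool   # True when OTL reported "File not found"
    flags: list = field(default_factory=list)

    @property
    def autostart(self):
        return self.start in AUTO_START


def parse_line(raw):
    """Return an Entry for one SRV/DRV row, or None for any other line."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    state = [p.strip() for p in m["state"].split("|")]
    entry = Entry(
        kind=m["kind"],
        name=m["name"],
        path=m["path"].strip(),
        company=(m["company"] or "").strip(),
        start=state[-2],     # SRV: [start, status]; DRV: [type, start, status]
        status=state[-1],
        missing=m["stamp"] is None,
    )
    # Illustrative triage rules (assumptions, not OTL behaviour):
    if entry.missing:
        entry.flags.append("orphaned")      # registry entry whose binary is gone
    elif not entry.company:
        entry.flags.append("no-company")    # file exists but carries no vendor name
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        entry.flags.append("temp-path")     # image path points into a Temp folder
    return entry


def triage(log_text):
    """Parse an OTL log and return only the rows that raised at least one flag."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        boot = "autostart" if e.autostart else "manual"
        print(f"{e.kind} {e.name:24} {boot:9} {','.join(e.flags):20} {e.path or '(no path)'}")
```

A flag is a prompt to look the entry up, not a verdict. The `AppMgmt` row is the same service behind the repeated Service Control Manager 7023 / `%%126` events posted earlier in the thread; Win32 error 126 means the specified module could not be found.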


----------



## Sboutte (Jul 2, 2012)

I ran it for almost 3 hrs and it quit responding so I rebooted and am going to try it once again.


----------



## Sboutte (Jul 2, 2012)

The code you entered is not complete on the right hand side, I didn't notice if that is how it shows up after pasting.


----------



## kevinf80 (Mar 21, 2006)

The code is complete, it's just the forum software makes it appear as it does. Note the scroll bar along the bottom of the codebox.

If you put the cursor at the front of the colon before OTL (*:OTL*) hold the left hand mouse button and drag to the end of [CREATESYSTEMRESTOREPOINT] the full text will be highlighted...

Select *Ctrl + C* to copy and then *Ctrl + V* to paste that text into the Custom Scan/Fixes box of OTL tool


----------



## Sboutte (Jul 2, 2012)

Good Morning Kevin,

I did all of that and double checked that I had the colon before OTL and CREATE RESTORE POINT AT THE END. So I know I had the entire code in the window. I then went to the Run/Fix button and clicked and then walked away from the computer and resumed my crocheting before I fell asleep. When I woke up this morning, there were still no logs. hmmm. Maybe I should check under OTL Just a sec. It's got 2 files but both are empty.

The second time I ran the program the desktop went black behind OTL. I know some program you had me run did that but don't recall if it was OTL

Blessings

Sharron


----------



## kevinf80 (Mar 21, 2006)

If the OTL fix was successful it would have saved the log file to this folder: *C:\_OTL\MovedFiles* Can you check if there are any logs in that folder...


----------



## Sboutte (Jul 2, 2012)

That I checked. Under that is MOVEDFILES THEN 2 FOLDERS UNDER THAT - 04142014_161610 & 04142014_194046 both of those folders are empty.

Just checked the time it was the first run. Maybe that blocked the second run. First run ended up NOT RESPONDING. Maybe I should delete those and run again?


----------



## kevinf80 (Mar 21, 2006)

Yep try again, this time disconnect from the internet and turn off security...


----------



## Sboutte (Jul 2, 2012)

okeedokee!


----------



## kevinf80 (Mar 21, 2006)

Post the log if OTL is successful this time...:up:


----------



## Sboutte (Jul 2, 2012)

For some reason it's showing this morning as completion time. I just gave up on it and had to reboot and when it came back up it was on the desktop.

OTL logfile created on: 4/14/2014 9:46:32 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.87% Memory free
2.58 Gb Paging File | 2.06 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 46.71 Gb Free Space | 66.49% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.71 Gb Free Space | 40.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-3DC5C40E2A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- 
PRC - [2014/04/13 17:12:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/03/30 10:08:17 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2010/06/13 23:47:48 | 000,296,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\YspService.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/14 09:00:18 | 000,904,704 | ---- | M] () -- C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
MOD - [2014/02/12 05:13:09 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/12 05:12:54 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/12 05:12:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 05:12:38 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/12 05:12:22 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 04:50:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/12 04:50:37 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/12 04:50:34 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/12 04:38:38 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 04:22:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 04:22:30 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:22:08 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/12 04:21:36 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/12 04:12:13 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 04:11:04 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Laflurla\bin\utilLaflurla.exe -- (Util Laflurla)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/12 12:19:03 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/12 22:07:05 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/07 14:34:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2014/04/06 12:31:20 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/03/31 10:05:25 | 000,055,232 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tStLibG.sys -- (tStLibG)
DRV - [2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/17 07:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 07:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/07/18 17:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 17:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 17:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/02/27 08:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 21:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 1F E5 EF FF 45 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2F4A34E0-1D17-4050-B49B-46263DEAE6B1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F4A34E0-1D17-4050-B49B-46263DEAE6B1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/04/05 05:32:21 | 000,000,000 | ---D | M]

[2012/03/18 19:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.mysearchdial.com/?f=1&...GyB0AtC0DtD0BzzyC0EtCyByE2Q&cr=1296096663&ir=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FromDocToPDF = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\8.22.3.43040_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/04/07 11:26:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 19:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/13 17:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/13 12:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Macromed
[2014/04/13 06:59:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/04/07 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2014/04/06 10:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Doctor Web
[2014/04/05 07:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2014/04/05 06:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2014/04/05 05:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014/04/04 12:07:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/31 10:05:23 | 000,055,232 | ---- | C] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/31 09:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FreeFileViewer
[2014/03/31 08:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FreeFileViewer
[2014/03/31 08:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2014/03/31 08:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2014/03/30 15:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\rmi
[2014/03/30 14:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2014/03/30 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2014/03/30 13:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/03/30 12:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2014/03/25 05:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.swt
[2014/03/25 04:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2014/03/25 03:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2014/03/22 13:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media
[2014/03/22 13:33:00 | 000,000,000 | ---D | C] -- C:\DECCHECK
[2014/03/20 13:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2014/03/20 13:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2014/03/20 10:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2014/03/20 10:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2014/03/20 10:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/17 16:03:55 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

========== Files - Modified Within 30 Days ==========

[2014/04/14 09:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/14 09:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/14 08:44:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/04/14 07:05:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2014/04/14 06:35:44 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
[2014/04/13 18:46:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2014/04/13 18:44:39 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/13 18:44:38 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/13 18:44:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/13 17:12:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/13 17:09:04 | 000,001,995 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sharron Boutte - Chrome.lnk
[2014/04/13 16:59:31 | 005,316,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Money.mny
[2014/04/11 17:08:12 | 000,024,944 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2014/04/11 14:28:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/09 17:41:12 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 03:03:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 18:34:14 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/07 12:27:50 | 010,372,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2014/04/07 11:26:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/04/07 10:35:21 | 000,001,560 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/04/06 12:31:20 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/04/06 10:46:02 | 145,763,488 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2014/04/05 05:26:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/31 11:14:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/31 10:05:25 | 000,055,232 | ---- | M] (StdLib) -- C:\WINDOWS\System32\drivers\tStLibG.sys
[2014/03/31 08:43:41 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/31 08:29:25 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2014/03/30 14:09:50 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/03/30 12:37:14 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
[2014/03/30 12:35:46 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
[2014/03/29 08:31:21 | 000,624,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/29 08:31:21 | 000,128,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/28 11:57:41 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2014/03/28 11:57:41 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2014/03/25 07:50:12 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/21 23:33:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/21 11:45:25 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/20 08:46:25 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps

========== Files Created - No Company Name ==========

[2014/04/08 20:29:32 | 000,001,995 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sharron Boutte - Chrome.lnk
[2014/04/07 12:27:21 | 010,372,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
[2014/04/07 10:35:20 | 000,001,560 | ---- | C] () -- C:\FixitRegBackup.reg
[2014/04/06 10:36:22 | 145,763,488 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2014/03/31 08:44:04 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/03/31 08:43:41 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/31 08:29:25 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WB.CFG
[2014/03/30 13:57:32 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/03/30 12:37:14 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to wmplayer.exe.lnk
[2014/03/30 12:35:46 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Windows XP Video Decoder Checkup Utility.lnk
[2014/03/20 08:46:24 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\baby Shiwer Booties.wps
[2014/02/14 21:44:26 | 000,141,119 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2014/02/14 21:44:25 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2013/08/12 09:30:35 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/09/01 20:51:40 | 000,148,934 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2951212231-3065092772-446880446-1003-0.dat
[2012/09/01 13:22:25 | 000,148,934 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/06 17:53:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/07/16 12:08:30 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/17 12:25:49 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Owner\USB
[2011/03/26 06:37:23 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/01/17 12:35:33 | 001,008,936 | ---- | C] () -- C:\Program Files\AmazonMP3Installer.exe
[2009/12/08 12:24:10 | 000,024,944 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2006/05/06 19:44:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/24 18:54:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/05 05:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/10/20 00:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/03/18 19:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fixie
[2010/10/29 05:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2010/01/25 03:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/03/17 20:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2012/03/17 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/11/22 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2012/08/15 23:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2014/01/30 23:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/19 22:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2012/05/31 23:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/17 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2014/03/25 06:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2012/07/02 17:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2010/03/30 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2013/07/24 13:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Elephant Games
[2011/11/09 23:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/01/08 00:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Esoteric Technologies
[2012/03/18 19:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fixie
[2014/03/31 09:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeFileViewer
[2014/03/30 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/12/08 16:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Individual Software
[2010/04/20 07:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2012/07/17 18:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2014/01/30 22:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/12/08 00:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2011/11/22 00:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
[2014/03/30 15:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\rmi
[2009/12/07 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/02/01 17:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
[2010/03/08 12:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/12/07 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2012/04/03 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/07/02 17:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========

< End of report >


----------



## Sboutte (Jul 2, 2012)

Now this one is showing this afternoon??

OTL Extras logfile created on: 4/13/2014 5:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.25% Memory free
2.58 Gb Paging File | 1.84 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 46.34 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive D: | 4.27 Gb Total Space | 1.71 Gb Free Space | 40.12% Space Free | Partition Type: FAT32

Computer Name: YOUR-3DC5C40E2A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}" = ESET NOD32 Antivirus
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{42AABEF1-60DB-44D8-9D12-D618E9F6964D}" = Solar Fire Gold
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EF9779-AE54-443A-80D7-DACFC70CD917}" = Boatload of Crosswords
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F3F12856-3454-4E4C-BAE5-B9CC8EA33E93}" = Solar Spark v2.2
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BFG-Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"BFGC" = Big Fish: Game Manager
"BFG-Risk" = Risk
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"FreeFileViewer_is1" = Free File Viewer 2014
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2008b" = Microsoft Money Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPC Backup" = MyPC Backup 
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Speccy" = Speccy
"VLC media player" = VLC media player 2.1.3
"WIC" = Windows Imaging Component
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT083767" = Three Cards to Midnight
"WT085355" = Passport to Paradise
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2014 12:05:04 AM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/10/2014 12:05:04 AM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/10/2014 12:02:46 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/10/2014 12:02:47 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/11/2014 3:27:10 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/11/2014 3:27:11 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 4/12/2014 5:57:36 PM | Computer Name = YOUR-3DC5C40E2A | Source = Application Hang | ID = 1002
Description = Hanging application MyPC Backup.exe, version 1.0.0.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2014 5:57:58 PM | Computer Name = YOUR-3DC5C40E2A | Source = Application Hang | ID = 1001
Description = Fault bucket -1624095620.

Error - 4/12/2014 6:02:06 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EFE

Error - 4/12/2014 6:02:06 PM | Computer Name = YOUR-3DC5C40E2A | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

[ System Events ]
Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:08 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/13/2014 8:04:09 AM | Computer Name = YOUR-3DC5C40E2A | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

< End of report >


----------



## kevinf80 (Mar 21, 2006)

I believe we must have got crossed wires somehow, Sharron. I did not want you to run a fresh scan with OTL. I want you to run the instructions as posted in reply #48 and post that log...

Kevin


----------



## Sboutte (Jul 2, 2012)

Just now seeing your message did I realize that what I sent must have been initial logs. How long is it supposed to take to run/fix? Just curious because it takes forever. I've been letting it run for 3-5 hours and all night long once. I don't know why I got the logs OTL and extras but I will try again this morning.

Sharron


----------



## Sboutte (Jul 2, 2012)

Twice now I have tried to run the fix and both times the computer rebooted and sent me an Error Msg talking about a blue screen. I did not have a blue screen but I guess they are saying that it is imminent. On the second time I wrote down the error code. I don't know if it will help but here it is:

BCCode : 100000ce BCP1 : A479 7094 BCP2 00000008 BCP3 : A4797094

BCP4 : 00000080 05VER : 5_1_2600 SP3_0 Product : 768_1

It's gobbledegook to me but maybe it makes sense to you. I'm a bit afraid to run the OTL again although I thought maybe if I deleted this one and downloaded another it might work. Will wait for your reply.


----------



## kevinf80 (Mar 21, 2006)

Hello Sharron,

Leave OTL, we'll try another way....

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. *Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....* If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*). Ensure to start with and include the colon before Reg *:Reg*


```
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyPC Backup"=-
:Files
ipconfig /flushdns /c
C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\Laflurla\bin\utilLaflurla.exe
C:\WINDOWS\system32\drivers\avgtpx86.sys
C:\Program Files\MyPC Backup
C:\WINDOWS\System32\drivers\avgtpx86.sys
C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe
C:\Documents and Settings\All Users\Application Data\IncrediMail
C:\Program Files\Laflurla
C:\Program Files\Common Files\AVG Secure Search
:Commands
[EmptyTemp]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Security Check by screen317 from either of the following: 
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs, also let me know if there are any remaining issues or concerns..

Kevin...


----------



## Sboutte (Jul 2, 2012)

When machine rebooted Notepad opened with results:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MyPC Backup not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
DllUnregisterServer procedure not found in C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll moved successfully.
File/Folder C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe not found.
File/Folder C:\Program Files\Laflurla\bin\utilLaflurla.exe not found.
C:\WINDOWS\system32\drivers\avgtpx86.sys moved successfully.
C:\Program Files\MyPC Backup\x86 folder moved successfully.
C:\Program Files\MyPC Backup\Resources\cache folder moved successfully.
C:\Program Files\MyPC Backup\Resources folder moved successfully.
C:\Program Files\MyPC Backup\log folder moved successfully.
C:\Program Files\MyPC Backup\Database folder moved successfully.
C:\Program Files\MyPC Backup\Config folder moved successfully.
C:\Program Files\MyPC Backup folder moved successfully.
File/Folder C:\WINDOWS\System32\drivers\avgtpx86.sys not found.
C:\Documents and Settings\Owner\Desktop\MyPCBackup_Setup.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Licenses folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IncrediMail\Data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IncrediMail folder moved successfully.
File/Folder C:\Program Files\Laflurla not found.
File/Folder C:\Program Files\Common Files\AVG Secure Search not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 789884 bytes

User: Owner
->Temp folder emptied: 10875787 bytes
->Temporary Internet Files folder emptied: 6080920 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10666329 bytes
->Flash cache emptied: 595 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 263262 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30851 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1471295398 bytes

Total Files Cleaned = 1,431.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 04162014_130455

Files moved on Reboot...

Registry entries deleted on Reboot...


----------



## Sboutte (Jul 2, 2012)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 04/16/2014 at 13:22:49.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 13:28:38.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## kevinf80 (Mar 21, 2006)

Any remaining issues or concerns?


----------



## Sboutte (Jul 2, 2012)

That Java 6u29 has been hanging around forever. Tried to get rid of it in a previous session but all that happened was that it couldn't find the program which created it (I forget what it was called).

Results of screen317's Security Check version 0.99.81 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
ESET NOD32 Antivirus 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.75.0.1300 
Java(TM) 6 Update 29 
*Java version out of Date!* 
Adobe Reader XI 
Google Chrome 33.0.1750.154 
Google Chrome 34.0.1847.116 
Google Chrome plugins... 
*````````Process Check: objlist.exe by Laurent````````* 
ESET NOD32 Antivirus egui.exe 
ESET NOD32 Antivirus ekrn.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 5% 
*````````````````````End of Log``````````````````````*


----------



## kevinf80 (Mar 21, 2006)

Hiya Sharron...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

*Upgrading Java:*

Go to http://java.com/en/ and click on *"Do I have Java"*
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

*Note:* Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Kevin...


----------



## Sboutte (Jul 2, 2012)

I went to the Java page and installed Java 7u55. Trying to uninstall jre6 has been a pain. Under add/remove, it doesn't even give an add or remove choice. I went back to Java and clicked on the uninstall tool and it told me that older versions that can't be uninstalled is because they aren't installed. So I guess my Java 6u29 must not be installed?

Sharron


----------



## kevinf80 (Mar 21, 2006)

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on *Program name* to highlight that entry.

Select *Action* from the Menu bar, then *Uninstall* from there follow the prompts.

If *Uninstall* fails open the "Action" menu one more time and use "Force Removal" option

Does that help...


----------



## Sboutte (Jul 2, 2012)

Good Morning Kevin

I had to force it and it took out 625 files to get it.

Before I uninstalled this I checked one of my fav programs. It doesn't work, it is old so I'm wondering if the new Java is the reason it does not work. It states Run Time Error '9' Subscript out of range.

Have a great Day!

Sharron


----------



## Sboutte (Jul 2, 2012)

I searched the forum for Run Time Error 9 Subscript out of Range and found that HJT was asked for so I ran it again. Solar Fire 7 is the program, sometimes named Solfire. Wish I knew how to read this HJT!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:13 AM, on 4/17/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6814 bytes


----------



## Sboutte (Jul 2, 2012)

For some reason my sound isn't working either.


----------



## kevinf80 (Mar 21, 2006)

Your HJT log is clean, nothing to worry about...



> Solar Fire 7 is the program, sometimes named Solfire


Uninstall and then reinstall the program you have issues with, see if that helps....

Regarding your sound problem, open Device Manager and expand "Sound, video and game controllers"; are there any exclamation or question marks listed...


----------



## Sboutte (Jul 2, 2012)

I think everything is going ok now. I guess I'll mark this solved after I hear from you. I need to go to the Linux forum unless you know of a better program to go to besides XP, or should I just keep XP? If I do I want to be able to do a dual boot. Any input is greatly appreciated. Thanks so much Kevin!

Happy Easter!

Sharron


----------



## kevinf80 (Mar 21, 2006)

If your system is responding ok run the following:

Download *"Delfix by Xplode"* and save it to your desktop.

*"Delfix link mirror"*

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


 Remove disinfection tools
 Create registry backup
 Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Next,

If you intend using a linux based system I would recommend Ubuntu, very simple to use in my opinion....

Meet Ubuntu - http://www.ubuntu.com/desktop

Dual boot XP and Ubuntu - http://www.wikihow.com/Dual-Boot-Windows-XP-and-Ubuntu

Have fun with Ubuntu, it is easy to use in my opinion... I guess you can mark this solved anytime you're ready...

Take care,

Kevin


----------



## Sboutte (Jul 2, 2012)

Hi Kevin,

I've been trying all day to get online, indeed to just get any program open. I've tried to get the machine to shut down with Task Manager and get a warning. Had to cold boot every time. This time I used F11 to restore, not sure if that is why I'm here or not because it never said anything like "entering restore" but then it's been a long time since I've had to restore.

I thought that it was maybe my ISP but my daughter went online and we worked cleaning up her computer with no problems. This all started after I downloaded Ubuntu. I'm not blaming Ubuntu, just giving info.

Sharron


----------



## Sboutte (Jul 2, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:23:05 PM, on 4/23/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6748 bytes


----------



## Sboutte (Jul 2, 2012)

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-23 20:19:03
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST380815AS rev.4.AAA 74.53GB
Running: oroxcv0f.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awrcyfod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xA4546C40]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0xA4546F80]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xA4547240]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xA4546D60]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0xA4547040]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xA4546AE0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xA4546BA0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xA4546D00]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwQueueApcThread [0xA4546DC0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xA4546CC0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xA4546C80]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSecurityObject [0xA4546E00]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0xA4547000]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xA4546B40]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xA4546BC0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0xA4546FC0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateProcess [0xA4546B00]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xA4546C00]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xA4546D80]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2818 80502074 12 Bytes [40, 6B, 54, A4, C0, 6B, 54, ...] {INC EAX; IMUL EDX, [ESP-0x40], 0x6b; PUSH ESP; MOVSB ; SHR BYTE [EDI+0x54], 0xa4}
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DB4E 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DBBF 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DCED 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 0042DC15 C:\Program Files\Google\Chrome\Application\chrome.exe
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[372] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\SearchIndexer.exe[1220] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [18, 00, C3, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F0, D0, 00] {SUB AL, DH; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F3, D0, 00] {SUB BL, DH; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F0, D0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F1, D0, 00] {TEST AL, 0xf1; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A70A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F2, D0, 00] {TEST AL, 0xf2; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F1, D0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F2, D0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A77B 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F0, D0, 00] {TEST AL, 0xf0; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A8A9 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F1, D0, 00] {SUB CL, DH; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F2, D0, 00] {SUB DL, DH; ROL BYTE [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F3, D0, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Ip tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\Udp tStLibG.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tStLibG.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


----------



## Sboutte (Jul 2, 2012)

I thought I already posted these but now I don't see them. Must be going blind! LOL

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
Run by Owner at 19:29:35 on 2014-04-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1384 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Fix it Center\Matsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{817FA071-AD53-4AA6-B7C6-BCFE83FF386C} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-9-17 118768]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-3-31 55232]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-11-12 266240]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-20 22856]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-20 701512]
S3 519D104915E3F314;519D104915E3F314;c:\documents and settings\owner\local settings\temp\209E54678.sys [2014-4-23 295224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-12 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-04-18 15:46:15	--------	d-----w-	c:\program files\common files\Esoteric Technologies
2014-04-17 11:05:45	--------	d-----w-	c:\documents and settings\owner\application data\Geek Uninstaller
2014-04-17 02:16:08	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-07 15:35:20	1560	----a-w-	C:\FixitRegBackup.reg
2014-04-06 15:50:17	--------	d-----w-	c:\documents and settings\owner\Doctor Web
2014-04-05 11:35:21	--------	d-----w-	c:\documents and settings\owner\local settings\application data\ESET
2014-04-05 10:32:13	--------	d-----w-	c:\program files\ESET
2014-04-04 17:07:46	--------	d-----w-	c:\windows\ERUNT
2014-03-31 15:05:23	55232	----a-w-	c:\windows\system32\drivers\tStLibG.sys
2014-03-31 14:21:33	--------	d-----w-	c:\documents and settings\owner\application data\FreeFileViewer
2014-03-31 13:46:27	--------	d-----w-	c:\documents and settings\owner\local settings\application data\FreeFileViewer
2014-03-31 13:43:15	--------	d-----w-	c:\program files\FreeFileViewer
2014-03-30 20:15:39	--------	d-----w-	c:\documents and settings\owner\application data\rmi
2014-03-30 17:20:38	--------	d-----w-	c:\program files\Alex Feinman
2014-03-25 10:01:49	--------	d-----w-	c:\documents and settings\owner\.swt
2014-03-25 09:57:46	--------	d-----w-	c:\documents and settings\owner\application data\Azureus
.
==================== Find3M ====================
.
2014-04-17 02:15:17	145408	----a-w-	c:\windows\system32\javacpl.cpl
2014-04-06 17:31:20	13464	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-03-12 17:18:58	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-12 17:18:57	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:59:23	920064	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 17:59:22	43520	------w-	c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22	18944	----a-w-	c:\windows\system32\corpol.dll
2014-03-06 17:59:22	1469440	------w-	c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54	385024	------w-	c:\windows\system32\html.iec
2014-02-26 01:59:05	13312	------w-	c:\windows\system32\xp_eos.exe
2014-02-07 02:01:37	1879040	----a-w-	c:\windows\system32\win32k.sys
2014-02-05 08:55:04	562688	----a-w-	c:\windows\system32\qedit.dll
2011-01-17 17:35:38	1008936	-c--a-w-	c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04:02	38147376	-c--a-w-	c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 19:32:14.04 ===============
Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2009 1:29:30 PM
System Uptime: 4/23/2014 6:44:49 PM (1 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1599/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 46.669 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.712 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Adobe SVG Viewer 3.0
AIO_Scan
Amazon Kindle
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Big Fish: Game Manager
Boatload of Crosswords
Bonjour
BufferChm
CCScore
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_Software
DJ_AIO_Software_min
DVD Suite
eMachines Connect
eMachines Games
ESET NOD32 Antivirus
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F2100_doccd
fflink
Free File Viewer 2014
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
ISO Recorder
Itibiti RTC
Java 7 Update 55
Java Auto Updater
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
netbrdg
Notifier
OfotoXMI
Passport to Paradise
PSSWCORE
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
Risk
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
SFR
SHASTA
skin0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Solar Fire Gold
Solar Spark v2.2
SolutionCenter
Speccy
staticcr
Status
Three Cards to Midnight
Toolbox
tooltips
TrayApp
TurboTax 2009 wrapper
Unity Web Player
UnloadSupport
VideoToolkit01
VLC media player 2.1.3
VPRINTOL
WebFldrs XP
WebReg
Windows Backup Utility
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
4/18/2014 11:35:12 AM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 0019212EE670 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/18/2014 10:20:30 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/16/2014 7:25:51 AM, error: System Error [1003] - Error code 100000ce, parameter1 a4797094, parameter2 00000008, parameter3 a4797094, parameter4 00000000.
4/16/2014 7:14:12 AM, error: System Error [1003] - Error code 100000ce, parameter1 a5fbc094, parameter2 00000008, parameter3 a5fbc094, parameter4 00000000.
4/16/2014 6:34:10 AM, error: Service Control Manager [7000] - The vToolbarUpdater18.0.5 service failed to start due to the following error: The system cannot find the file specified.
4/16/2014 6:34:10 AM, error: Service Control Manager [7000] - The Util Laflurla service failed to start due to the following error: The system cannot find the path specified.
4/16/2014 2:17:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp
4/16/2014 1:04:55 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
4/16/2014 1:04:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/16/2014 1:04:55 PM, error: Service Control Manager [7034] - The CopySafe Helper Service service terminated unexpectedly. It has done this 1 time(s).
4/16/2014 1:04:55 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/16/2014 1:04:55 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================


----------



## kevinf80 (Mar 21, 2006)

Hello Sharron,

I cannot understand how simply downloading Ubuntu ISO can cause any specific issues, the site links I listed for you are very trustworthy, I use them often without any issues whatsoever....

You mention using "restore", do you mean using "system restore" whereat you restore your system to an earlier created restore point?

You have also posted an array of logs, are you indicating your system has issues and requires further attention?

Kevin


----------



## Sboutte (Jul 2, 2012)

I didn't mean to imply that the download was bad, it was just a time line. I had problems with the download, it took me several tries to get it to work. I would click on the download button and nothing would happen. Finally I shut down and waited about an hour then tried again. I got the download that time. I then tried to make a DVD with no luck. Odd thing then, I tried again to make the disc and when I did a program I've never seen before popped up "CD Burning" sounded good so I went ahead with the try but got error msg saying the disc was either full or could not be written to...something like that. I was getting frustrated so I quit for awhile.

About an hour later I tried to get online to read more about Ubuntu and when I clicked on the icon nothing happened. I tried IE and nothing so I went to shut down and it took about 45 minutes to shut down. When it came back up I tried again and no matter what icon I clicked on nothing happened (couldn't even get start button to work) so I went to shut down again...this time it wouldn't shut down so I did ctrl-alt-delete and brought up task mgr. I clicked on shut down. Nothing happened. The system was frozen so I just shut it down with power button. I had to do that a couple of times and finally remembered to hit restore (F11) and here I am.

Thinking about it now those logs probably won't show anything since I am in restore, I don't know ...just confused.

Have a good day Kevin
Sharron


----------



## Sboutte (Jul 2, 2012)

PS...I've got Ubuntu download sitting, waiting to be written to disc. I couldn't even get F: drive for flash drive to come up.


----------



## kevinf80 (Mar 21, 2006)

> I couldn't even get F: drive for flash drive to come up.


What do you mean, did you have a flash drive plugged in and it was not recognized?


----------



## Sboutte (Jul 2, 2012)

I had flash drive plugged in, opened up computer folder and it showed C drive, D drive, E drive but not F drive.


----------



## kevinf80 (Mar 21, 2006)

Go here: http://support.microsoft.com/kb/925196/en-gb Scroll to "Resolution" and run the "Fix-it"

Reboot when done, plug in the flash drive, is it recognized?


----------



## Sboutte (Jul 2, 2012)

I did as you suggested and all it would do was check the Drive e: then stated that it would not burn or write a cd or dvd. I did write the Linux 13 but that was before the 8th. Just now a page opened up that stated that xp cannot detect a USB flash drive, Apple IPod or an external hard disk drive. So it looks like I am screwed on this. I will have to find a place that sells Ubuntu disks. In the meantime I need to clean the machine. May try downloading Ubuntu on my daughter's laptop, she's running Vista so may not work there either but will give it a try. I'm still having problems like I described earlier. Computer not responding, having to shut it down manually. Having so many problems with xp I may just have to go to full Ubuntu and forget the xp. Just won't be able to run some of my programs that I will really miss. Wish I would have known they were going to do this when I bought it! There is a link on that page that states what xp will not support any longer to email. If you wish I will email it to you or here is the address http://support.microsoft.com/kb/925196. It states further down that this is caused by corrupted or incorrect keys in the registry. This is the same page as "Fixit".


----------



## kevinf80 (Mar 21, 2006)

OK if your system still has issues let's give Combofix a whirl...

Delete any versions of Combofix that you *may have* on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

***Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Sboutte (Jul 2, 2012)

ComboFix 14-04-26.01 - Owner 04/28/2014 17:54:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1504 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-28 to 2014-04-28 )))))))))))))))))))))))))))))))
.
.
2014-04-18 15:46 . 2014-04-18 15:47	--------	d-----w-	c:\program files\Common Files\Esoteric Technologies
2014-04-17 11:05 . 2014-04-17 11:13	--------	d-----w-	c:\documents and settings\Owner\Application Data\Geek Uninstaller
2014-04-17 02:16 . 2014-04-17 02:15	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-04-07 15:35 . 2014-04-07 15:35	1560	----a-w-	C:\FixitRegBackup.reg
2014-04-06 15:50 . 2014-04-13 12:39	--------	d-----w-	c:\documents and settings\Owner\Doctor Web
2014-04-05 12:01 . 2014-04-05 12:01	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2014-04-05 11:35 . 2014-04-05 11:35	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\ESET
2014-04-05 10:32 . 2014-04-05 10:32	--------	d-----w-	c:\program files\ESET
2014-04-05 10:32 . 2014-04-05 10:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2014-04-04 17:07 . 2014-04-21 17:02	--------	d-----w-	c:\windows\ERUNT
2014-03-31 15:05 . 2014-03-31 15:05	55232	----a-w-	c:\windows\system32\drivers\tStLibG.sys
2014-03-31 14:21 . 2014-03-31 14:25	--------	d-----w-	c:\documents and settings\Owner\Application Data\FreeFileViewer
2014-03-31 13:46 . 2014-03-31 13:46	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\FreeFileViewer
2014-03-31 13:43 . 2014-03-31 13:43	--------	d-----w-	c:\program files\FreeFileViewer
2014-03-30 20:15 . 2014-03-30 20:15	--------	d-----w-	c:\documents and settings\Owner\Application Data\rmi
2014-03-30 19:05 . 2014-03-30 20:21	--------	d-----w-	c:\documents and settings\Owner\Application Data\ImgBurn
2014-03-30 18:57 . 2014-03-30 18:57	--------	d-----w-	c:\program files\ImgBurn
2014-03-30 17:20 . 2014-03-31 03:15	--------	d-----w-	c:\program files\Alex Feinman
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 19:20 . 2012-03-30 13:32	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-28 19:20 . 2011-05-15 03:36	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-17 02:15 . 2012-06-07 18:06	145408	----a-w-	c:\windows\system32\javacpl.cpl
2014-04-06 17:31 . 2013-08-12 14:30	13464	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-03-06 17:59 . 2006-05-07 00:24	920064	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2006-05-07 00:24	43520	------w-	c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2006-05-07 00:24	1469440	------w-	c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2006-05-07 00:24	18944	----a-w-	c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2006-05-07 00:24	385024	------w-	c:\windows\system32\html.iec
2014-02-26 01:59 . 2014-03-10 15:28	13312	------w-	c:\windows\system32\xp_eos.exe
2014-02-07 02:01 . 2006-05-07 00:24	1879040	----a-w-	c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-05-07 00:24	562688	----a-w-	c:\windows\system32\qedit.dll
2011-01-17 17:35 . 2011-01-17 17:35	1008936	-c--a-w-	c:\program files\AmazonMP3Installer.exe
2010-12-17 21:04 . 2010-12-17 21:03	38147376	-c--a-w-	c:\program files\QuickTimeInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 05:13	114688	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-06 05:11	98304	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 17:12	288080	----a-w-	c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 05:10	94208	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 19:36	14854144	----a-w-	c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-07-06 02:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 3:17 PM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/17/2013 3:17 PM 118768]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [3/31/2014 10:05 AM 55232]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 3:29 AM 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2012 10:18 AM 22856]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [11/12/2010 10:07 PM 266240]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2012 10:18 AM 701512]
S3 519D104915E3F314;519D104915E3F314;\??\c:\documents and settings\owner\local settings\temp\209E54678.sys --> c:\documents and settings\owner\local settings\temp\209E54678.sys [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/12/2013 9:30 AM 13464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 19:14	1078088	----a-w-	c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:20]
.
2014-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-04-26 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2014-04-28 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2014-04-28 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2014-03-31 22:24]
.
2014-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2014-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 02:13]
.
2014-04-26 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-10 01:59]
.
2014-04-28 c:\windows\Tasks\User_Feed_Synchronization-{E8CF57D3-0A42-4F7C-A14A-8B742D99AA68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-28 18:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-04-28 18:07:27
ComboFix-quarantined-files.txt 2014-04-28 23:07
.
Pre-Run: 50,207,985,664 bytes free
Post-Run: 50,217,013,248 bytes free
.
- - End Of File - - CED84AA27B034A425845568857F150F4
985AD624FD084BEB528ABB11E03ABA6F

My ISP has been offline for a couple of days, hopefully it will stay online now. Didn't have any black screens.

Later

Sharron


----------



## kevinf80 (Mar 21, 2006)

Clean log, what issues or concerns remain.......


----------



## Sboutte (Jul 2, 2012)

Everything seems ok, except for loading Ubuntu. I may have to load Linux 13 since I got it burnt to DVD. I don't know why Ubuntu won't burn. It's been a pleasure working with you. Thanks bunches!

Sharron


----------



## kevinf80 (Mar 21, 2006)

Anytime Sharron, have fun with Linux....

Kevin


----------

