# In Windows XP, .exe files have become .lnk files, I can't access anything.



## mathcheck (Mar 28, 2013)

System restore won't work. Every time I try something it keeps asking "Choose the program you want to use to open this file." The highlighted cursor always lands on "Window media Player" which I don't want. In a roundabout way I can get online, and into Word, after deleting a "machine language" page. I can't get into Excel. I've been through the suggested procedures in this forum, the most promising was Doug Knox's - Windows xp file association fixes, but nothing happened. Would someone please walk me through the procedure? I think I may have missed something, or am doing something wrong. Please explain it to me like I am a fifth grader or younger. Thank you.


----------



## Mark1956 (May 7, 2011)

What usually causes the problem to occur in the first place is that someone right clicks on an .exe file accidentally, clicks open with and then chooses photo viewer or some other application. Once they do that all .exe files are then associated with photo viewer or whatever application was chosen.

Go to this site: http://www.dougknox.com/xp/file_assoc.htm and download the LNK(Shortcut) file and save it to your desktop. Extract the file and double click on it and allow it to merge with your registry.


----------



## mathcheck (Mar 28, 2013)

I go to this site and follow all the instructions. I do the special procedures for .exe problems and get a Register editor screen with no instructions. After I get out of that and click *EXE File associations Fix*, I get "Find or run". When I click find, I get a Windows file association page with options to buy things. Do I have to buy stuff to solve this problem? If I click save, then I saved xp_exe_fixit.zip. That is as far as I have been able to go with this. I am frustrated to say the least. Am I close or completely out in left field somewhere?


----------



## Mark1956 (May 7, 2011)

You're trying to use the wrong fix. As I said in my last post, you need to use the LNK(Shortcut) fix. You do not need to buy anything to make this work. If that does not fix the problem you then need to run the EXE fix.

I've attached the file you need to use for the LNK fix, download it to your desktop, extract the reg file and then double click on it, accept any warning and let it merge with the registry.

I get "Find or run". When I click find--- You need to select *Run.*


----------



## mathcheck (Mar 28, 2013)

I have linkfile fix.zip on my desktop. I click on it and get File Scout. It asks what I want to do. I choose "search the web for software that can open your file." I get Softango.com - file extension zip, with a bunch of products that say they can open zip. So, not knowing any better I pick ALZip and download. I get Windows file association page with a bunch of options for .exe cures. I pick Regcure, download, install & run. It then sends me right back to the Windows file association page without giving me the opportunity to start scan and then fix-all. I've tried this thing over and over in different ways, sometimes getting different options with different types of cures, and I always get kicked back to the Windows file association page. I don't know what to do next. It seems as though I'm getting closer, I don't know.


----------



## Phantom010 (Mar 9, 2009)

Looks like you're having trouble unzipping. You may also have a malware problem, which I'll leave to my malware removal expert colleague, *Mark1956*.

Try downloading *THIS* instead.

Save the .reg file to your desktop. Double-click it to merge it to the registry.

*Restart the computer*.

If the fix only opens as a text file (in Notepad), right-click the file (before opening it) and select *Open With* > *Choose Program...* Then, select the *Registry Editor*.

If the Registry Editor is not in the list, browse to C:\WINDOWS and select *regedit*.


----------



## Mark1956 (May 7, 2011)

Thanks, Phantom.

If you still cannot get that to work there is a tool we can run that will fix all file associations. Please read all of this post before you start.

Download this and save it to the desktop: Windows Repair. *DO NOT* use the big green *Download Now* button on the web page, use any of the Download buttons just below *Installer (5.28 MB)*. Don't use the Regcure program you downloaded, we will need to remove that once the associations problem is solved, reg cleaners are to be avoided at all cost.

Close your browser and any running programs, double click on the Tweaking icon to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the following items only.

*Repair File Associations*

When done click on the *Start* button and leave it undisturbed until complete.

*NOTE:* If you cannot get the program to run, click on Start and then Run, copy and paste this command into the box and hit the Enter key:

C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe

If anything else goes wrong STOP and report back here. There are other methods we can use to fix the issue.


----------



## mathcheck (Mar 28, 2013)

I clicked on the tweaking.com link you provided and got a bunch of options. I picked "Direct Download" and saved it. I tried to open it and got "The publisher could not be verified," - unknown file type. I clicked run, and got "windows cannot open this file, what do you want to do." I picked "Use web to find program." It sends me to New Tab- Internet Explorer.
I also tried to run C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe, but Windows couldn't find it. That's where I'm at with this.??


----------



## Phantom010 (Mar 9, 2009)

Did you try the following from post #6?



> Try downloading *THIS* instead.
> 
> Save the .reg file to your desktop. Double-click it to merge it to the registry.
> 
> ...


----------



## Mark1956 (May 7, 2011)

Please answer the post above from Phantom.

From your last post: I clicked on the tweaking.com link you provided and got a bunch of options.

You should not have been seeing a bunch of options, when you clicked on the link for *Windows Repair* you should have been taken to a web page that looks like the attached screenshot. Please confirm where it took you as it sounds as if your browser may be getting redirected.


----------



## mathcheck (Mar 28, 2013)

Mark1956 - That is exactly the screen I got, and I picked Direct download and saved it. After that, I describe in my last message.

Phantom10 - I clicked on This, saved it, clicked on it and got File Scout - Softango, File extension reg. Not sure what to do next. There are a couple of options to choose from.?


----------



## Phantom010 (Mar 9, 2009)

Click Start > Run > type *appwiz.cpl*

Press Enter.

Find *File Scout* or *Softango* in the list and remove it.


----------



## mathcheck (Mar 28, 2013)

I just did that, and it takes me to File Scout, I say ok, it gives me Softango cpl.


----------



## Phantom010 (Mar 9, 2009)

mathcheck said:


> Mark1956 - That is exactly the screen I got, and I picked Direct download and saved it. After that, I describe in my last message.
> 
> Phantom10 - I clicked on This, saved it, clicked on it and got File Scout - Softango, File extension reg. Not sure what to do next. There are a couple of options to choose from.?


Can you double-click on the .reg file?

The icon should look like:


----------



## mathcheck (Mar 28, 2013)

I don't see anything that looks like that.
** Please bear with me with this, as I am brand new to this site, and don't yet know how to get around efficiently.


----------



## Phantom010 (Mar 9, 2009)

After *linkfile_fix.reg* has been saved to your desktop, it should appear with that icon.

Double-click it to merge it to the registry.

You should get a prompt asking if you're sure you want to add the information to the registry. Answer Yes.


----------



## mathcheck (Mar 28, 2013)

From my desktop, click on linkfile fix.reg. I get security warning - unknown file type, unknown publisher. I click run and get file scout. I opt to search web and get IE, Softango Reg with two choices of products that open REG files: Regedit PsExec and RegEditer. That's where I'm at with this. I think I'm starting to lose it.


----------



## Phantom010 (Mar 9, 2009)

Looks like that Softango has taken over everything.

Try right-clicking the fix and selecting *Merge*. Any different?

If still no luck,

Click Start > Run > type *regedit*

Press Enter.

Does the Registry Editor open?

If it does, click File > Import...

Browse to where the registry fix has been saved and import it.


----------



## mathcheck (Mar 28, 2013)

No luck with either. I looked in linkfile fix properties and its size is 4.76 KB. What's up with that?


----------



## Phantom010 (Mar 9, 2009)

Can you open Notepad on your computer?

Copy the following:



> Windows Registry Editor Version 5.00
> 
> [HKEY_CLASSES_ROOT\.lnk]
> @="lnkfile"
> ...


Paste it into the Notepad window.

Save it as linkfix*.reg*

Now, double-click the new file to merge it to the registry.

If no luck, right-click it and select Merge...


----------



## mathcheck (Mar 28, 2013)

I've copied it and saved it as linkfix.reg in notepad. You're going to have to walk me through what to do next. This is all new stuff for me, sorry.


----------



## Phantom010 (Mar 9, 2009)

Once in Notepad, click to close. It will ask you if you want to save it. Answer yes and save it to your desktop again, or anywhere you'll remember where to find it. Call it linkfix*.reg*.

Then, double-click that new linkfix*.reg*. It should merge to the registry. You can also right-click it and select Merge.


----------



## mathcheck (Mar 28, 2013)

It's on my desktop, but doesn't merge or do anything else.


----------



## Phantom010 (Mar 9, 2009)

If you double-click it, do you get a prompt asking you if you agree to the merge?


----------



## mathcheck (Mar 28, 2013)

If I click it once or twice it just opens.


----------



## Mark1956 (May 7, 2011)

I'd like to suggest running this tool below, if you can get it to run it will automatically reset .exe .com & .bat file associations which may help. If you cannot get this to work then you could try System Restore to take the system back to a time before the file associations got messed up.

XP System Restore Guide

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

If the above doesn't work, please click on *Start* and then *Run*, type *cmd* into the Run box and hit the Enter key, tell me if that opens a window with a black background with some white text on it.

If that won't work we may be able to run some commands from the Recovery Environment, please tell me if you have a retail copy of XP, not to be confused with the Recovery disks that may have been supplied with your PC.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> If I click it once or twice it just opens.


I'll bet it saved as a text file instead of a reg file.
Click Start>Settings>Control Panel>Folder Options.
Or alternatively, open ANY folder and click Tools>Folder Options.

In Folder Options, click the View tab.
Scroll down the list and UNCHECK "Hide extensions for known file types" and click OK.

Go to the desktop and locate the reg file (I'm guessing its name will be linkfix.reg.txt).
Right click it and click Rename.
Remove the .txt from the end of the file name so it's named *linkfix.reg* with no additional .txt extension.
If you get a warning about changing the file type, just OK it.

It should change to a REG file and either merge when double clicked or give you the Merge command when right clicked.


----------



## mathcheck (Mar 28, 2013)

Thanks, I'll try that shortly.


----------



## mathcheck (Mar 28, 2013)

Mark1956 - I downloaded and saved Rkill. When I clicked on it I got "Windows can't open this file." I pressed ok for it to look on the web and got - New tab IE. ? Should I keep going with your instructions?


----------



## mathcheck (Mar 28, 2013)

Throoper - When I try this, I don't find "folder options" after control panel?


----------



## throoper (Jan 20, 2007)

Open the Control Panel folder and Folder options should be one of the icons.
If it's not right there, just open any folder (My Documents, My Music, My Pictures, etc) and click Tools>Folder Options.

That's just another way of getting to the same place.


----------



## Phantom010 (Mar 9, 2009)

If the fix only opens as a text file (in Notepad), right-click the file (before opening it) and select *Open With* > *Choose Program...* Then, select the *Registry Editor*.

If the Registry Editor is not in the list, browse to C:\WINDOWS and select *regedit*.


----------



## mathcheck (Mar 28, 2013)

It doesn't appear as a text file. On the desktop it appears as linkfix.reg, and when I click on it, it opens with program language that I pasted earlier. I can't find anything, anywhere that refers to merge. Also, on this computer there doesn't seem to be any difference between one-click and double-click?


----------



## Phantom010 (Mar 9, 2009)

Right-click the file (don't open it - don't click it) and select *Open With* > *Choose Program...* Then, select the *Registry Editor*.

If the Registry Editor is not in the list, browse to C:\WINDOWS and select *regedit*.


----------



## mathcheck (Mar 28, 2013)

From the desktop, I right-click linkfile.reg. The options are: Open, Cut, Copy, Create shortcut, Rename, Properties.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> From the desktop, I right-click linkfile.reg. The options are: Open, Cut, Copy, Create shortcut, Rename, Properties.


Click on Properties and let us know what it says on the General tab next to "Type of file" and "Opens With".
It should look like the attached screenshot.


----------



## mathcheck (Mar 28, 2013)

When I right click on linkfix.reg:
It does not look like the attachment at all. Next to "type of file" it is blank. Next to "opens with" it says "Notepad."


----------



## Phantom010 (Mar 9, 2009)

Then, click on the "Change" button and select the Registry Editor.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> When I right click on linkfix.reg:
> It does not look like the attachment at all. Next to "type of file" it is blank. Next to "opens with" it says "Notepad."


Looks like one of the "file association" casualties was .reg. (This is assuming you've done the Folder Options>View>uncheck "Hide extensions for known file types">OK.)
Let's see if a manual fix for that will enable you to use reg files to fix the others.

Open Regedit.
Click Start>Run>type regedit>OK.

In the left pane of Registry Editor, click the plus sign next to HKEY_CLASSES_ROOT to expand the key.
Scroll down to the key .reg and click on it to display its values in the right pane.
In the right pane you should see 
ab(Default) Reg_SZ regfile
If that's what you have, close Registry Editor and let me know.

If the Data column has anything except regfile, right click on ab(Default) and click Modify.
Type regfile and click OK.
Close Registry Editor and reboot your computer.
See if the Reg file on your desktop will now run and merge.


----------



## mathcheck (Mar 28, 2013)

Phantom010 said:


> Then, click on the "Change" button and select the Registry Editor.


Clicked change and got "choose the program you want to use to open this file" - No registry editor.


----------



## mathcheck (Mar 28, 2013)

Throoper - After start, run, and regedit, ok, I get "windows cannot open this file." I chose to "use" web and got New Tab IE.


----------



## throoper (Jan 20, 2007)

See if you can open Registry Editor directly.
On your keyboard press the Windows key (it's between Ctrl and Alt) + E (both keys at the same time) to open Windows Explorer.
In the left pane navigate to C:\Windows and click on Windows.
In the right pane, find and double click regedit.exe.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> I get "windows cannot open this file." I chose to "use" web and got New Tab IE.


FYI: Don't bother using the "web" service when you get that message. It won't help.
It's pretty obvious that you've lost your file associations for exe and reg files.
We need to get into regedit to get things working again. There are a few tricks to doing that with messed up associations and hopefully one of them will work.


----------



## Mark1956 (May 7, 2011)

I lost my internet connection for a couple of days and only just got back here. I made some alternative suggestions to solve this back in post 26. If you have a few Restore Points saved that go back before the problem started that would be the quickest way to fix this.

I also asked if you could open the Command Prompt, if you can there are some short and easy scripts that can be used to revert file associations back to normal. If the Command Prompt won't open you could use an XP install disc or make a Recovery Console boot disc from Artellos.com to get to the Command Prompt and then run the scripts.


----------



## mathcheck (Mar 28, 2013)

I did all that and got "Windows cannot open this file."


----------



## throoper (Jan 20, 2007)

mathcheck said:


> I did all that and got "Windows cannot open this file."


Did all what? My last post or Mark's post #26?


----------



## mathcheck (Mar 28, 2013)

Your Post #42


----------



## throoper (Jan 20, 2007)

mathcheck said:


> Your Post #42


OK.
Let's see if we can force a Command window (I'm assuming you tried Start>Run>type cmd>OK from Mark's post 26 and got the same result).

On your keyboard, press Ctrl+Alt+Delete (all 3 at the same time) to open Task Manager.
If it opens, click File and while holding down the Ctrl key, click New Task (Run).
If the command window opens (black window with white text), type REGEDIT.EXE and press Enter on the keyboard.
If Registry Editor opens, follow the instructions I posted in post #39 for .reg.
Also while in Registry Editor, in the left pane click .exe and Modify the Data in the right pane to exefile.


----------



## mathcheck (Mar 28, 2013)

Mark1956 - I am sorry for not responding before, I didn't see your post #26 until just now. I tried what you suggested, but it wasn't able to open anything. I have also tried the restore process to no avail. I don't have a windows xp disk; I don't recall getting one when I bought the computer.


----------



## Phantom010 (Mar 9, 2009)

mathcheck said:


> Clicked change and got "choose the program you want to use to open this file" - No registry editor.



When getting "Choose the program you want to use to open this file", if the Registry Editor is not in the list, use the *Browse* button to go to *C:\WINDOWS* and select *regedit*. This was all explained in my first post (#6).
 
Then, your file is going to become a real .reg file to be merged to the registry.


----------



## mathcheck (Mar 28, 2013)

Ok, I have the Registry Editor open and the "hide extensions for known file type." has been unchecked. Can we proceed from there? I must go away for about an hour. Also, thanks for helping me with this.


----------



## throoper (Jan 20, 2007)

Yeah!!! Registry Editor opened. :up:
Go back to post #39 and follow the instructions for checking and Modifying the .reg key.
While you have Reg Editor open, scroll up to the .exe key in the left pane and click on it.
In the right pane, the first line should read 
ab(Default) Reg_SZ exefile

If it doesn't, right click the ab(Default) and click Modify.
IMPORTANT: Make a note of what the current value is before you change it.
Change the value to exefile, click OK and then close Registry Editor and reboot.

After Windows starts up, try the Start>Run>type regedit>OK and see if Registry Editor will start up.
If it does, you should be able to run reg files now and merge the reg file on your desktop to fix the link file association.
There will likely be a couple reg fixes to run, but let's see how this goes first.


----------



## mathcheck (Mar 28, 2013)

In #39 I expanded Hkey.classes Root, but I can't find .reg (there are a ton of keys to choose from), but I do see regedit and regfile? Also, I can't find .exe in Registry Editor, but there is an exefile.


----------



## mathcheck (Mar 28, 2013)

More information that I think you should know. In the Registry editor, again, no .reg or .exe, but in the right pane it reads ab(default) under name, REG_SZ under Type, and (value not set) under Data. I'll wait until I hear from you before I do anything else.


----------



## Mark1956 (May 7, 2011)

Mathcheck, I shall leave you in the capable hands of Throoper and Phantom, I am sure they will get you there. If not I have an alternative method, I shall monitor progress and jump back in if things don't come good.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> In #39 I expanded Hkey.classes Root, but I can't find .reg (there are a ton of keys to choose from), but I do see regedit and regfile? Also, I can't find .exe in Registry Editor, but there is an exefile.


Now THAT I wasn't expecting. Directly under the main HKCR key, there should be a long line of extension keys that start with the . followed by the extension (see attached).
Are you sure the .exe and .reg are not in that list? If you get to the .txt and haven't found them (is .txt there?), then they aren't there and we'll have to go at this a little differently.
Note: Don't mess with any of the other reg keys (regedit, regfile, exefile, etc.).


----------
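The check the helpers describe above (the (Default) value of `HKEY_CLASSES_ROOT\.reg` should be `regfile`, `.exe` should be `exefile`, `.lnk` should be `lnkfile`, and the extension keys themselves may be missing) can be run offline against a registry export. This is an added example, not code from any poster in the thread; the sample export and the `ExampleViewer.File` ProgID are constructed, and the `.bat`/`.com` defaults are the stock Windows values rather than values quoted on this page.

```python
import re

# Expected extension -> ProgID defaults. .lnk, .reg and .exe are the values
# quoted in this thread; .bat and .com are the stock Windows defaults (assumption
# added for this example).
EXPECTED = {".exe": "exefile", ".reg": "regfile", ".lnk": "lnkfile",
            ".bat": "batfile", ".com": "comfile"}

# HKCR is a merged view; machine-wide classes live under HKLM\Software\Classes.
CLASS_ROOTS = ("hkey_classes_root\\", "hkey_local_machine\\software\\classes\\")

SECTION = re.compile(r"^\[(-?)(.+)\]$")          # [KEY] or [-KEY] (delete key)
DEFAULT = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')  # @="value" (default value)


def parse_defaults(reg_text):
    """Return {extension: default ProgID or None} for extension keys in .reg text.

    Note: regedit's "Version 5.00" exports are UTF-16; read them with
    open(path, encoding="utf-16") before passing the text in.
    """
    found = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if m:
            current = None
            deleted, path = m.group(1), m.group(2).lower()
            for root in CLASS_ROOTS:
                if path.startswith(root):
                    sub = path[len(root):]
                    # Only top-level ".ext" keys, not subkeys like .lnk\ShellNew.
                    if sub.startswith(".") and "\\" not in sub and not deleted:
                        current = sub
                        found.setdefault(current, None)
            continue
        m = DEFAULT.match(line)
        if m and current:
            found[current] = re.sub(r"\\(.)", r"\1", m.group(1))
    return found


def audit(reg_text, expected=EXPECTED):
    """Classify each expected extension as ok, hijacked, unset or missing."""
    found = parse_defaults(reg_text)
    report = {}
    for ext, progid in expected.items():
        if ext not in found:
            report[ext] = "missing key"
        elif found[ext] is None:
            report[ext] = "default not set"
        elif found[ext].lower() != progid:
            report[ext] = "hijacked -> " + found[ext]
        else:
            report[ext] = "ok"
    return report


# Constructed sample export (not taken from the affected machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="ExampleViewer.File"

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="..."

[HKEY_CLASSES_ROOT\.reg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat]
@="batfile"
"""

if __name__ == "__main__":
    for ext, status in audit(SAMPLE).items():
        print(ext, status)
```

The same parser can be pointed at a downloaded fix file before merging it, to see which extension keys it would set and to what.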



## throoper (Jan 20, 2007)

mathcheck: Let's see if this will get things working for you.

Download this reg file to your desktop. http://www.kellys-korner-xp.com/regs_edits/exefix.reg

Open the Registry Editor.
Click File>Import.
Browse to and select the exefix.reg you just saved on your desktop.
If it doesn't show in the "browse" window, click the arrow at the end of the "Files of type" (where it says "Registration Files (*.reg)") and click "All Files".
Once you've selected the exefix.reg, click Open and it should Import the data to your registry.
Reboot and see if things are working now.


----------



## mathcheck (Mar 28, 2013)

HURRAY!!! It worked. You did it! What a huge relief. 

I have explored around a bit, and regular internet access and Office are working. That is extremely important to me. What should I do about all the stuff that I saved on my desktop?

When I start up the computer I get an ugly noise and this: ApAgent.exe - Unable to locate component. "This app has failed to start because dnssd.dll was not found. Reinstall the app to fix this question, ok? I have no idea what this is. I don't know what ApAgent is.

I attempted to do a defrag and got this: "This file does not have a program associated with it to perform this action. Create an association in the folder options Control Panel." I've never seen this before?

While I'm at it, last week I was downloading Yahoo! Messenger when all this hassle started. At the same time the .exe/.lnk problem started, my computer slowed to a crawl (which it still is, and part of the reason why it took me so long to respond sometimes) and was bombarded with ads, to the point where I could not see what I was doing. It is still that way. Especially bothersome is the constant in my face messages from Flashplayer to update. I don't know what flashplayer is. Everything is so...slow.

I don't know what to do about these other problems, but I am extremely happy for what you have done. Much gratitude here. From the start, when I stumbled blind on this website, I had no idea a place such as this even existed.


----------



## Mark1956 (May 7, 2011)

Time for me to jump in as the symptoms you describe give a clear indication your system is infected with Adware.

ApAgent.exe is related to software from Apple and the dnssd.dll is related to Bonjour which is also related to Apple software, probably iTunes. This can probably be solved by re-installing iTunes, but please wait until I give instructions to make any changes.

Do not run any scans unless I ask you to as this can give very confusing results in the logs I am going to ask for. If you get stuck anywhere while following instructions please STOP and post back here before taking any further action.

I'd like you to run these following items of software so we can see what is on your system and to delete any Adware which will be causing all the ads to appear.

Please go Here and follow the instructions to run DDS, then *Copy and Paste* *both* the logs into your next reply. You need not run HJT or GMER.

Please run these two scans and post the logs:

*SCAN 1*
Click on this link to download: ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:









You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post. If the log does not appear you should find it on your C: drive using Windows Explorer as ADWCleaner[S1].










*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*


----------



## mathcheck (Mar 28, 2013)

It looks like I celebrated too early. I went to _here,_ saved all my important stuff, then downloaded and saved DDS to my desktop. When I tried to run it I got "security warning" then softango - file extension SCR. Also, you mentioned itunes, I have never used itunes? This is as far as I have been able to go, per your instructions. ?
Also, since my last post I came across something that appears to be another problem: When I go to task manager and then try to get out of it by clicking on "end task" everything on the task manager pane goes blank except "New task." When I click on that, I get "create new task" with Regedit in the box, highlighted in blue. I press ok and it opens Registry Editor. I can't get out except by re-booting.


----------



## Mark1956 (May 7, 2011)

We can deal with other issues once you have run all the scans I requested. We need to concentrate solely on running the scans I requested so we can clean up the Adware and rectify any problems found.

Please try to run DDS again and if a security warning pops up accept it so the tool will run.

I'm not clear as to why you opened Task Manager as it is not mentioned in any of my instructions, to close Task Manager you do not use the End Task button (which I think you will find is End Process) you simply click on the cross in the top right hand corner.

What Anti Virus program/s are you using?


----------



## mathcheck (Mar 28, 2013)

Note: I tried to use Task Manager before your previous post, but I failed to mention it. Everything went blank, nothing to click, I have to re-boot to get out.

I went through the procedure to run DDS again: downloaded it and saved it to my desktop, run, security warning, file scout, ok, Softango - file extension SCR. ?

I had AVG, but it expired months ago. I am not able at this time to purchase anything else.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> I had AVG, but it expired months ago. I am not able at this time to purchase anything else.


While you're waiting for Mark to reply, you really need to get some security running on that computer.
First step is to download and run the TSG system information utility from HERE and post the resulting information to give us an idea of what you have.

There's no need to purchase an AV program. There are many good free ones available such as MSE which can be downloaded HERE. 
You will need to uninstall AVG from Add/Remove Programs in the Control Panel before installing it.


----------



## mathcheck (Mar 28, 2013)

I went to Add or Remove Programs and found AVG 2113, AVG Tune-up, and AVG toolbar, The first two are gone now, but AVG Toolbar won't go away. I won't do anything else until I hear back from you.


----------



## throoper (Jan 20, 2007)

Leave the toolbar for now and download and install MSE from the link I posted.
If you get any warnings about AVG remnants during the MSE install, download and run the AVG remover from HERE. The top one in the list is the newest version.
The main concern is to get an AV up and running on that computer.


----------



## mathcheck (Mar 28, 2013)

ITech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.60GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 71186 MB, Free - 52431 MB;
Motherboard: 
Antivirus: AVG Anti-Virus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled


----------



## Mark1956 (May 7, 2011)

Please boot the system into Safe Mode. Start tapping the F8 key as soon as you have hit the power button. A menu should appear, use the arrow keys on your keyboard to highlight Safe Mode and hit the Enter key. 

Wait for the desktop to appear and then double click on the DDS icon, if it now runs it will save a log on your desktop. 

Reboot the PC in the normal way and then come here and copy the log into your next reply.


----------



## mathcheck (Mar 28, 2013)

I went through all the Safe mode stuff and got to the desktop(with the small characters and black background) and clicked on the dds icon and got: warning signal, File Scout, clicked ok, then got "Internet Explorer cannot display the Webpage." I tried it several more times and got the same thing.


----------



## throoper (Jan 20, 2007)

While waiting for Mark, have you downloaded, installed, updated and run MSE yet? 
BTW, I forgot to mention you want the second download link ( the (x86)) for xp, not the amd64.


----------



## Mark1956 (May 7, 2011)

I'm not too sure what File Scout is, but on Google it tells me it is a file manager for Blackberry devices, so maybe there are still some file associations to repair.

Boot back into Normal Mode and go to Add/Remove Programs from the Control Panel and uninstall File Scout so it won't interfere again. When done try to run DDS again in Normal Mode and let me know what happens. If it works, post the log.


----------



## Mark1956 (May 7, 2011)

Following on from the above post. If DDS still won't run in Safe or Normal Mode, please go back to post 26 and try to run RKill again and let me know what happens.


----------



## mathcheck (Mar 28, 2013)

Mark1956 -

I really hope this is what You were hoping for.

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/03/2013 05:07:50 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Documents and Settings\Andrew\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PID: 1824) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.bat did not exist and was recreated!
* HKLM\Software\Classes\.com did not exist and was recreated!

Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity: 
* Alerter [Missing Service]
* Browser [Missing Service]
* lanmanworkstation [Missing Service]
* Messenger [Missing Service]
* Netlogon [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found: 
127.0.0.1 localhost
::1 localhost
Program finished at: 04/03/2013 05:09:35 PM
Execution time: 0 hours(s), 1 minute(s), and 44 seconds(s)

Is this what you needed?

Throoper -

I downloaded MSE(x86). Didn't see anything about BTW? I saved and ran MSE. It took a long time. 
"MSE scan completed on 45306 items. No threats detected on your pc during this scan." real-time protection-on; Virus and spyware is up to date. It asked me if I wanted to scan again, so I said yes (full). It is doing that now. Is that necessary? Anyway, is this good?
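
The RKill log in the post above can be triaged mechanically. This is an added example, not part of the thread or of RKill itself: a Python parser whose section-header and item patterns are assumptions inferred from the lines visible in that log, run over sample input copied from it.

```python
import re

# Sample input: lines copied from the RKill 2.4.7 log posted above.
SAMPLE_LOG = r"""Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Documents and Settings\Andrew\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PID: 1824) [UP-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.bat did not exist and was recreated!
* HKLM\Software\Classes\.com did not exist and was recreated!

Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity: 
* Alerter [Missing Service]
* Browser [Missing Service]
* lanmanworkstation [Missing Service]
* Messenger [Missing Service]
* Netlogon [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found: 
127.0.0.1 localhost
::1 localhost
Program finished at: 04/03/2013 05:09:35 PM
"""

# Patterns below are assumptions based only on the log lines shown in this thread.
HEADER = re.compile(r"^(Checking|Resetting|Performing|Searching)\b.*[:.]$")
PROC = re.compile(r"^(?P<path>.+) \(PID: (?P<pid>\d+)\) \[(?P<tag>[^\]]+)\]$")
MISSING = re.compile(r"^(?P<name>\S+) \[Missing Service\]$")
RECREATED = re.compile(r"^(?P<key>HK\S+) did not exist and was recreated!$")
HOSTS_ENTRY = re.compile(r"^(?P<ip>[0-9a-fA-F:.]+)\s+(?P<host>\S+)$")
# Per-user, non-admin-writable locations on XP: unusual homes for auto-updaters.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.I)


def parse_sections(text):
    """Split the log into {header: {"items": ["* " lines], "raw": [other lines]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if HEADER.match(line):
            current = sections.setdefault(line.rstrip(":."), {"items": [], "raw": []})
        elif current is not None:
            if line.startswith("* "):
                current["items"].append(line[2:])
            else:
                current["raw"].append(line)
    return sections


def triage(text):
    """Pull out the findings a helper would act on from an RKill log."""
    sections = parse_sections(text)

    def part(prefix, kind="items"):
        return [v for name, sec in sections.items()
                if name.startswith(prefix) for v in sec[kind]]

    terminated = []
    for m in filter(None, map(PROC.match, part("Checking for processes"))):
        terminated.append({"path": m["path"], "pid": int(m["pid"]), "tag": m["tag"],
                           "user_writable": bool(USER_WRITABLE.search(m["path"]))})
    hosts = [m for m in map(HOSTS_ENTRY.match, part("Checking HOSTS", "raw")) if m]
    return {
        "terminated": terminated,
        "missing_services": [m["name"] for m in
                             map(MISSING.match, part("Checking Windows Service")) if m],
        "recreated_keys": [m["key"] for m in map(RECREATED.match, part("Resetting")) if m],
        # Anything other than a loopback->localhost mapping deserves a look.
        "hosts_nonlocal": [(m["ip"], m["host"]) for m in hosts
                           if m["host"] != "localhost" or m["ip"] not in ("127.0.0.1", "::1")],
        "hosts_was_locked": "Cannot edit the HOSTS file." in part("Checking HOSTS"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
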


----------



## mathcheck (Mar 28, 2013)

Throoper - Now I get it, BTW = by the way. dah.


----------



## throoper (Jan 20, 2007)

mathcheck said:


> Throoper - Now I get it, BTW = by the way. dah.


 :up:


----------



## throoper (Jan 20, 2007)

mathcheck said:


> "MSE scan completed on 45306 items. No threats detected on your pc during this scan." real-time protection-on; Virus and spyware is up to date. It asked me if I wanted to scan again, so I said yes (full). It is doing that now. Is that necessary? Anyway, is this good?


Another scan probably wasn't needed, but it won't hurt. And yes, it's good that it turned up clean (nothing detected).


----------



## mathcheck (Mar 28, 2013)

Mark1956 - From before, I looked in Control Panel>Add or remove Programs and did not see File Scout.


----------



## Phantom010 (Mar 9, 2009)

There has to be *Softango* somewhere.


----------



## Mark1956 (May 7, 2011)

RKill has made some changes which may help to get some things running better, but it found several missing services that need to be repaired. Did you try to run DDS again as asked?

See if you can get this tool below to run and then try DDS again. If that works then please also go back and follow the instructions to run ADWCleaner and RogueKiller that I posted earlier, post 59.

You have already tried this tool so please delete the Tweaking icon on your desktop and start with a fresh download.

Download this and save it to the desktop: Windows Repair

Close your browser and any running programs, double click on the Tweaking icon to run the tool. When the program opens click on the *Step 4* tab. Under System Restore click on *Create* and wait for the confirmation to appear just below the button.

When complete click on the tab *Start Repairs*, click on the *Start* button. Then click on *Unselect All* and tick the boxes next to the following items only.

When done click on the *Start* button and leave it undisturbed until complete.


Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair MDAC/MS Jet
Remove Policies Set By Infections
Remove Temp Files
Unhide Non System Files
Set Windows Services To Default Startup
Repair MSI (Windows Installer)
Repair File Associations
Restore Important Windows Services


----------



## Phantom010 (Mar 9, 2009)

mathcheck said:


> Mark1956 - From before, I looked in Control Panel>Add or remove Programs and did not see File Scout.


What if you go to C:\Program Files?

Can you find *File Scout* or *Softango*? If you can, open the folder and look for an *uninstaller* to run.

And please follow *Mark1956*'s instructions. *AdwCleaner* might get rid of *File Scout*, among many other annoyances, if you can't find anything to uninstall it.


----------



## throoper (Jan 20, 2007)

mathcheck: If, after following Mark's and Phantom's instructions, you still can't run DDS, try resetting all associations to the Windows default by running this BAT file. 
http://www.dougknox.com/xp/fileassoc/xp_fileassoc.zip
Save it to your desktop and unzip it. Double click the BAT file to run it.


----------



## mathcheck (Mar 28, 2013)

Mark1956 - I hope this works. It would not let me paste each log file icon so I did it this way... If this isn't right or you need it separately, show me how to do it. I could copy but not paste? I am anxious to find out if this is what you needed.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Andrew at 13:45:24 on 2013-04-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.180 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=79
uURLSearchHooks: <No Name>: {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} - 
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: SearchDonkey: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\searchdonkey\ie\common.dll
BHO: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {9b9dcae3-be34-424c-8d73-75e305a9e091} - 
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Toolbar BHO: {dc9051c2-8f55-479a-97a4-747980d9047f} - 
BHO: Fast Free Converter 3.0: {DDA5D4B3-468F-4D62-9092-75142C6169B1} - c:\program files\fast free converter\fastfreeconverter\FastFreeConverter.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: WeatherBlink: {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} - 
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - 
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Updater19962.exe] c:\documents and settings\andrew\local settings\application data\updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VMConsole.exe] c:\program files\sony\vaio media integrated server\platform\VMConsole.exe /windowmin
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WeatherBlink Search Scope Monitor] "c:\progra~1\weathe~2\bar\1.bin\gcsrchmn.exe" /m=2 /w /h
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\fedexd~1.lnk - c:\program files\fedex\fedex desktop\FedEx Desktop.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-Explorer: NoDriveTypeAutoRun = dword:8
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\NPJPI150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355269036203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{22E42D94-0A99-44C2-8F52-9DD9943D560E} : DHCPNameServer = 10.0.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-5 33112]
R1 MpKsl59312184;MpKsl59312184;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\MpKsl59312184.sys [2013-4-4 29904]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\fast free converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-5 722528]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-21 968880]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys --> c:\windows\system32\drivers\avglogx.sys [?]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 5613;5613;\??\c:\docume~1\andrew\locals~1\temp\5613.sys --> c:\docume~1\andrew\locals~1\temp\5613.sys [?]
S2 AlotService;ALOT Update Service;c:\documents and settings\andrew\application data\alotservice\alotservice.exe --> c:\documents and settings\andrew\application data\alotservice\alotservice.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2013\avgidsagent.exe" --> c:\program files\avg\avg2013\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\avg\avg2013\avgwdsvc.exe" --> c:\program files\avg\avg2013\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\symcpcculaunchsvc.exe /s --> c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.15.91\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.15.91\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.15.91\ccSvcHst.exe [?]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;"c:\program files\avg\avg pc tuneup\tuneuputilitiesservice32.exe" --> c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [?]
S2 WeatherBlinkService;WeatherBlinkService;c:\progra~1\weathe~2\bar\1.bin\gcbarsvc.exe --> c:\progra~1\weathe~2\bar\1.bin\gcbarsvc.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\avg\avg pc tuneup\tuneuputilitiesdriver32.sys --> c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.pif: <filetype is not registered>
.txt: <filetype is not registered>
.ini: <filetype is not registered>
.vbe: <filetype is not registered>
.jse: <filetype is not registered>
.wsf: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-04-04 20:18:53 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\MpKsl59312184.sys
2013-04-04 17:22:28 -------- d-----w- c:\program files\Tweaking.com
2013-04-03 23:49:37 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\offreg.dll
2013-04-03 23:18:00 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d58f032d-e6eb-447a-9a24-0eec2b0871fa}\mpengine.dll
2013-04-03 23:16:57 237088 ----a-w- c:\windows\system32\MpSigStub.exe
2013-04-03 23:06:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-26 04:23:58 -------- d-----w- C:\d608f2bb5b323a930a256af12f5c77
2013-03-26 03:53:55 18096 ----a-w- c:\windows\system32\roboot.exe
2013-03-25 20:05:39 -------- d-----w- c:\program files\Tuguu SL
2013-03-25 17:18:01 -------- d-----w- c:\program files\SearchDonkey
2013-03-25 17:17:53 -------- d-----w- c:\documents and settings\andrew\AppData
2013-03-25 17:15:38 -------- d-----w- c:\documents and settings\all users\application data\W3i
2013-03-25 17:10:37 -------- d-----w- c:\program files\Fast Free Converter
2013-03-25 17:09:54 -------- d-----w- c:\program files\W3i
2013-03-17 14:50:48 12928 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-17 14:50:48 12928 -c--a-w- c:\windows\system32\dllcache\usb8023.sys
2013-03-16 14:59:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-03-16 14:59:23 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-16 14:55:09 -------- d-----w- c:\windows\pss
2013-03-13 15:22:34 -------- dc----w- c:\windows\ie8
2013-03-13 01:56:05 -------- d-----w- c:\documents and settings\andrew\application data\FedEx
2013-03-13 01:56:01 -------- d-----w- c:\documents and settings\andrew\application data\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
2013-03-13 01:53:31 -------- d-----w- c:\program files\FedEx
2013-03-12 17:58:39 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-03-12 17:57:49 -------- d-sh--w- C:\AI_RecycleBin
2013-03-12 17:56:37 -------- d-----w- c:\program files\Free Download Manager
2013-03-10 00:38:21 -------- d-----w- C:\Data
2013-03-09 23:29:46 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Yahoo
2013-03-09 23:12:29 -------- d-----w- c:\windows\msdownld.tmp
2013-03-07 16:19:24 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-03-07 16:19:24 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-03-07 16:09:32 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2013-03-07 16:09:24 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2013-03-07 16:09:24 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-03-07 16:09:16 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2013-03-07 16:09:16 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2013-03-07 16:09:15 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
.
==================== Find3M ====================
.
2013-03-17 16:51:01 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 16:51:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 19:32:51 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 18:21:54 5259504 ----a-w- c:\windows\uninst.exe
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 22:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 13:46:56.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2008 11:36:42 AM
System Uptime: 4/4/2013 12:57:48 PM (1 hours ago)
Processor: Intel(R) Pentium(R) M processor 1.60GHz | N/A | 798/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 52.176 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP153: 1/4/2013 1:45:15 PM - System Checkpoint
RP154: 1/5/2013 5:06:32 PM - System Checkpoint
RP155: 1/6/2013 7:23:33 PM - System Checkpoint
RP156: 1/8/2013 1:30:40 PM - System Checkpoint
RP157: 1/9/2013 5:00:09 PM - System Checkpoint
RP158: 1/15/2013 3:35:31 PM - System Checkpoint
RP159: 1/18/2013 2:14:44 PM - System Checkpoint
RP160: 1/18/2013 8:57:01 PM - Software Distribution Service 3.0
RP161: 1/21/2013 1:20:46 PM - System Checkpoint
RP162: 1/22/2013 3:31:32 PM - System Checkpoint
RP163: 1/23/2013 5:08:54 PM - System Checkpoint
RP164: 1/24/2013 5:13:16 PM - System Checkpoint
RP165: 1/24/2013 5:29:00 PM - Installed Smead Viewables
RP166: 1/31/2013 4:59:05 PM - System Checkpoint
RP167: 2/1/2013 5:07:19 PM - System Checkpoint
RP168: 2/2/2013 5:34:58 PM - System Checkpoint
RP169: 2/4/2013 1:46:13 PM - System Checkpoint
RP170: 2/5/2013 2:25:19 PM - System Checkpoint
RP171: 2/6/2013 5:14:47 PM - System Checkpoint
RP172: 2/7/2013 7:00:16 PM - System Checkpoint
RP173: 2/7/2013 11:33:51 PM - Removed Bonjour
RP174: 2/7/2013 11:38:00 PM - Removed Apple Software Update
RP175: 2/8/2013 12:25:18 AM - Removed AVG 2013
RP176: 2/8/2013 12:28:45 AM - Removed AVG 2013
RP177: 2/8/2013 12:31:11 AM - Removed AVG PC TuneUp
RP178: 2/8/2013 12:31:59 AM - Removed AVG PC TuneUp Language Pack (en-US)
RP179: 2/8/2013 1:49:27 AM - ARO 2012 - Before Installation
RP180: 2/8/2013 1:50:59 AM - ARO 2012 - Before Installation
RP181: 2/8/2013 1:51:26 AM - ARO 2012 - FIRST RUN
RP182: 2/8/2013 2:00:01 AM - ARO 2012 Fri, Feb 08, 13 01:59
RP183: 2/8/2013 2:10:51 AM - ARO 2012 - Before Installation
RP184: 2/8/2013 2:11:23 AM - ARO 2012- Before One Click
RP185: 2/8/2013 2:44:16 AM - Software Distribution Service 3.0
RP186: 2/8/2013 11:54:27 AM - Software Distribution Service 3.0
RP187: 2/8/2013 12:38:02 PM - Restore Operation
RP188: 2/9/2013 2:26:36 PM - System Checkpoint
RP189: 2/10/2013 5:38:13 PM - System Checkpoint
RP190: 2/12/2013 1:48:12 PM - System Checkpoint
RP191: 2/13/2013 5:05:38 PM - System Checkpoint
RP192: 2/15/2013 9:31:44 AM - System Checkpoint
RP193: 2/16/2013 3:47:40 PM - System Checkpoint
RP194: 2/17/2013 9:12:59 AM - Printer Driver Microsoft Office Document Image Writer Installed
RP195: 2/17/2013 11:03:25 PM - Software Distribution Service 3.0
RP196: 2/19/2013 2:16:38 PM - System Checkpoint
RP197: 2/20/2013 4:01:14 PM - System Checkpoint
RP198: 2/21/2013 4:35:24 PM - System Checkpoint
RP199: 2/23/2013 5:17:23 PM - System Checkpoint
RP200: 2/24/2013 5:24:48 PM - System Checkpoint
RP201: 2/27/2013 2:31:22 PM - System Checkpoint
RP202: 2/28/2013 5:57:31 PM - System Checkpoint
RP203: 3/1/2013 10:12:31 PM - System Checkpoint
RP204: 3/3/2013 7:30:13 PM - System Checkpoint
RP205: 3/5/2013 5:02:25 PM - System Checkpoint
RP206: 3/6/2013 6:54:47 PM - System Checkpoint
RP207: 3/8/2013 12:52:09 PM - System Checkpoint
RP208: 3/9/2013 3:14:48 PM - Installed Windows Internet Explorer 8.
RP209: 3/9/2013 3:16:49 PM - Software Distribution Service 3.0
RP210: 3/9/2013 3:43:12 PM - Software Distribution Service 3.0
RP211: 3/9/2013 10:00:26 PM - Removed Google Chrome
RP212: 3/9/2013 10:05:04 PM - Removed MSXML 4.0 SP2 (KB973688)
RP213: 3/10/2013 12:08:12 AM - Uniblue SpeedUpMyPC installation
RP214: 3/11/2013 11:36:05 AM - System Checkpoint
RP215: 3/12/2013 11:29:34 AM - Removed Strongvault Online Backup
RP216: 3/13/2013 8:15:52 AM - Software Distribution Service 3.0
RP217: 3/13/2013 8:24:28 AM - Installed Windows Internet Explorer 8.
RP218: 3/13/2013 8:25:52 AM - Software Distribution Service 3.0
RP219: 3/13/2013 11:04:08 AM - Software Distribution Service 3.0
RP220: 3/14/2013 8:48:35 AM - Software Distribution Service 3.0
RP221: 3/15/2013 9:38:59 AM - System Checkpoint
RP222: 3/16/2013 7:57:38 AM - Restore Operation
RP223: 3/16/2013 8:11:23 AM - Software Distribution Service 3.0
RP224: 3/17/2013 9:12:40 AM - Software Distribution Service 3.0
RP225: 3/18/2013 5:35:02 PM - System Checkpoint
RP226: 3/20/2013 3:37:09 PM - System Checkpoint
RP227: 3/21/2013 4:47:30 PM - System Checkpoint
RP228: 3/22/2013 5:06:11 PM - System Checkpoint
RP229: 3/23/2013 7:30:54 PM - System Checkpoint
RP230: 3/25/2013 12:11:10 PM - System Checkpoint
RP231: 3/25/2013 8:57:27 PM - PC Performer Mon, Mar 25, 13 20:56
RP232: 3/25/2013 9:13:25 PM - Software Distribution Service 3.0
RP233: 3/26/2013 9:00:24 AM - Software Distribution Service 3.0
RP234: 3/28/2013 7:32:33 AM - System Checkpoint
RP235: 3/29/2013 12:07:06 PM - System Checkpoint
RP236: 3/30/2013 3:14:01 PM - System Checkpoint
RP237: 4/1/2013 3:24:27 PM - System Checkpoint
RP238: 4/2/2013 3:47:20 PM - System Checkpoint
RP239: 4/3/2013 9:40:58 AM - Quitado FlashPlayer
RP240: 4/3/2013 4:16:54 PM - Software Distribution Service 3.0
RP241: 4/4/2013 10:39:09 AM - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
AirPort
ALOT Appbar
Apple Software Update
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Bonjour
Click to DVD 2.0.02 Menu Data
Click to DVD 2.2.10
CONNECT
Coupon Printer for Windows
DVgate Plus
Fast Free Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
J2SE Runtime Environment 5.0
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Data Access Components KB870669
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mMHouse
MoodLogic
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
NetAssistant
Norton PC Checkup
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
ParetoLogic PC Health Advisor
PC TuneUp Maestro
PictureGear Studio 2.0
Quicken 2005
Realtek High Definition Audio Driver
SearchDonkey
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Setting Utility Series
Smead Viewables
Sonic RecordNow!
SonicStage 2.1.02
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SpeedMaxPc
SpeedyPC Pro
Supreme Savings
Tweaking.com - Windows Repair (All in One)
Uninstall Helper
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
W3i NetAssistant
WeatherBlink Toolbar
WebFldrs XP
Welcome to VAIO life
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Wireless Switch Setting Utility
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/3/2013 8:18:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSHX AVGIDSShim Avgldx86 Avglogx Avgmfx86 Avgrkx86 Avgtdix
4/3/2013 8:17:59 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
4/3/2013 8:17:59 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The WeatherBlinkService service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The AVG PC TuneUp Service service failed to start due to the following error: The system cannot find the path specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The ALOT Update Service service failed to start due to the following error: The system cannot find the file specified.
4/3/2013 8:17:59 AM, error: Service Control Manager [7000] - The 5613 service failed to start due to the following error: The system cannot find the file specified.
4/3/2013 5:08:01 PM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).
4/3/2013 2:38:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/3/2013 2:38:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSHX AVGIDSShim Avgldx86 Avglogx Avgmfx86 Avgrkx86 Avgtdix DMICall Fips intelppm IPSec NetBT RasAcd Tcpip
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/3/2013 2:38:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2013 8:57:00 PM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
4/2/2013 8:40:01 PM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
4/2/2013 8:40:01 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
4/2/2013 2:00:00 PM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
4/2/2013 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
4/2/2013 10:10:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
4/2/2013 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
4/2/2013 1:48:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
4/1/2013 12:46:58 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000E35D7626C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/1/2013 1:00:55 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000E35D7626C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 12:44:11
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : CltMngSvc
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : MyWebSearchService
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\f3PSSavr.scr
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BasicSeek
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\file scout
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\incredibar.com
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Andrew\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\InternetHelper3
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\WhiteSmoke_New
Folder Deleted : C:\Documents and Settings\LAND & STREAM CO\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BasicSeek
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Program Files\InternetHelper3
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Supreme Savings
Folder Deleted : C:\Program Files\WhiteSmoke_New
Folder Deleted : C:\WINDOWS\system32\WNLT
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InternetHelper3
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WhiteSmoke_New
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\Software\InternetHelper3
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2221D6C8-678E-4106-9931-75879D21A99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35B4F049-7DB6-447D-AC9C-E881A9FE7E0A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54555BBF-CE57-491C-9BF0-FF7630C4D845}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A07DD4DC-E86D-424A-84D4-2DA0B4A969E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetHelper3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_New Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\WhiteSmoke_New
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [32972 octets] - [04/04/2013 12:44:11]
########## EOF - C:\AdwCleaner[S1].txt - [33033 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Scan -- Date : 04/04/2013 13:25:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Updater19962.exe (C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2509911267-1632943361-3296815733-1006[...]\Run : Updater19962.exe (C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB9F19852)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI_DK23FA-80 +++++
--- User ---
[MBR] 94d7904b75c9805cbcd1a66eefc20719
[BSP] 2dab0b461558b0944ad0bf02ffa10e50 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 71186 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04042013_02d1325.txt >>
RKreport[1]_S_04042013_02d1325.txt


----------



## Phantom010 (Mar 9, 2009)

AdwCleaner took care of a lot of adware (MyWebSearch, WhiteSmoke, PriceGong, Conduit...).

These nuisances are mostly installed as part of free software bundles. Most of the time, they ask for your permission to install. Never agree to it. Stay away from "free" screensavers. They often install crapware without your knowledge. Nothing is 100% free...


> Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
> Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1


Did you find *Softango* in C:\Program Files?


----------



## Mark1956 (May 7, 2011)

Glad you eventually got those scans to run, there is no sign of anything particularly nasty, but we have a list of things to fix:

- ADWCleaner found a large amount of Adware which we need to be sure has all gone.
- DDS log shows many remnants of AVG Anti Virus that need to be removed.
- There are also a few Optimizer programs you would be well advised to remove as they can harm your system.
- RogueKiller found several items that need to be dealt with.
- Further back in the thread we found several Windows Services that are missing.
- DDS log shows a bunch of file associations that need fixing.

So, there is a lot to do to completely clean up your system. We will deal with each problem one at a time.

I will now have this moved to the Malware forum, many thanks to the other guys who helped get us to this point.

First we need to do another scan with RogueKiller:


1. Quit all running programs.
2. Start RogueKiller.exe by double clicking on the icon.
3. Wait until Prescan has finished.
4. Ensure all boxes are ticked under "Report" tab.
5. Click on Scan.
6. Click on Delete when complete.
7. Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.


----------



## Phantom010 (Mar 9, 2009)

No problem, Mark. 

I think it's best to remove all malware before proceeding with anything else. :up:


----------



## Mark1956 (May 7, 2011)

Yes indeed, quite a few of the items ADWCleaner found don't always leave quietly.


----------



## mathcheck (Mar 28, 2013)

Here is round two of Roguekiller

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Remove -- Date : 04/04/2013 15:32:10
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][PREVRUN] HKCU\[...]\Run : Updater19962.exe (C:\Documents and Settings\Andrew\Local Settings\Application Data\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300) [x] -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5613 (C:\Documents and Settings\Andrew\Local Settings\Temp\5613.sys) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xB9F19852)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI_DK23FA-80 +++++
--- User ---
[MBR] 94d7904b75c9805cbcd1a66eefc20719
[BSP] 2dab0b461558b0944ad0bf02ffa10e50 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 71186 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_04042013_02d1532.txt >>
RKreport[1]_S_04042013_02d1325.txt ; RKreport[2]_S_04042013_02d1530.txt ; RKreport[3]_D_04042013_02d1532.txt


----------



## mathcheck (Mar 28, 2013)

I don't know how to do it anywhere else. *Mark1956, Throoper, Phantom010*: Thank you guys for helping me.


----------



## Mark1956 (May 7, 2011)

Next we need to remove the remnants of AVG. Please go to Add/Remove Programs and uninstall these three items if they are visible:

- AVG 2013
- AVG PC TuneUp
- AVG PC TuneUp Language Pack (en-US)

Do not worry if any of the items are not listed and if you see anything else starting with the name AVG please uninstall it.

Then go here: AVG Removal tool. Click on the first item in the list of removal tools:
AVG Remover(32bit) 2013
(avg_remover_stf_x86_2013_2706.exe)

Save the tool to your desktop, double click on the icon and let the tool run to clean out the remnants.

I would then like you to run ADWCleaner again, using the Delete button just as before and post the new log. We can then see if there are any persistent items that need further action to clean them out.


----------



## Mark1956 (May 7, 2011)

Please read the above post and complete all the instructions given. I would then like you to continue with running this scan below; make sure you read and understand all the instructions before you proceed.

Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option *DO NOT select delete* as you may remove files needed for the system to operate.

Please download Kaspersky's *TDSSKiller* and *save it to your Desktop. <-Important!*
_-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again._

_Be sure to print out and follow all of these instructions._


- Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
- Alternatively, you can download TDSSKiller.exe and use that instead.
- Double-click on *TDSSKiller.exe* to run the tool for known TDSS variants.
  _*Vista*/*Windows 7* users right-click and select Run As Administrator_.
- If an update is available, TDSSKiller will prompt you to update and download the most current version. Click *Load Update*. Close TDSSKiller and start again.
- When the program opens, click the *Change parameters.*
- Under "Additional options", check the boxes next to *Verify file digital signatures* and *Detect TDLFS file system*, then click *OK*.
- Click the *Start Scan* button.
- Do not use the computer during the scan.
- If the scan completes with nothing found, click *Close* to exit.
- If '*Suspicious objects*' are detected, the default action will be *Skip*. Leave the default set to Skip and click on *Continue*.
- If *Malicious objects* are detected, they will show in the Scan results - *Select action for found objects:* and offer three options.
- Ensure *Cure* is selected...then click *Continue* -> *Reboot computer* *for cure completion.*
- *Important! ->* If *Cure* *is not available*, please choose *Skip* instead. *Do not choose Delete unless instructed.* If you choose *Delete* you may *remove critical system files* and make your PC *unstable* or possibly *unbootable*.
- A log file named *TDSSKiller_version_date_time_log.txt* will be created and saved to the root directory (usually Local Disk C: ).
- Copy and paste the contents of that file in your next reply.

_-- If TDSSKiller does not run, try renaming it. To do this, right-click on *TDSSKiller.exe*, select *Rename* and give it a random name with the *.com* file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else *before* beginning the download and saving to the computer or to perform the scan in "safe mode"._


----------



## mathcheck (Mar 28, 2013)

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 08:34:08
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [33103 octets] - [04/04/2013 12:44:11]
AdwCleaner[S2].txt - [998 octets] - [05/04/2013 08:34:08]
########## EOF - C:\AdwCleaner[S2].txt - [1057 octets] ##########


----------



## mathcheck (Mar 28, 2013)

My computer froze up during the process so I had to do it more than once so I have four or five copies of this in Local Disk C:

09:37:59.0687 2800 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:38:01.0687 2800 ============================================================
09:38:01.0687 2800 Current date / time: 2013/04/05 09:38:01.0687
09:38:01.0687 2800 SystemInfo:
09:38:01.0687 2800 
09:38:01.0687 2800 OS Version: 5.1.2600 ServicePack: 3.0
09:38:01.0687 2800 Product type: Workstation
09:38:01.0687 2800 ComputerName: E457FDF720CE414
09:38:01.0687 2800 UserName: Andrew
09:38:01.0687 2800 Windows directory: C:\WINDOWS
09:38:01.0687 2800 System windows directory: C:\WINDOWS
09:38:01.0687 2800 Processor architecture: Intel x86
09:38:01.0687 2800 Number of processors: 1
09:38:01.0687 2800 Page size: 0x1000
09:38:01.0687 2800 Boot type: Normal boot
09:38:01.0687 2800 ============================================================
09:38:09.0531 2800 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:38:09.0531 2800 ============================================================
09:38:09.0531 2800 \Device\Harddisk0\DR0:
09:38:09.0531 2800 MBR partitions:
09:38:09.0531 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA0510E, BlocksNum 0x8B093B3
09:38:09.0531 2800 ============================================================
09:38:09.0562 2800 C: <-> \Device\Harddisk0\DR0\Partition1
09:38:09.0562 2800 ============================================================
09:38:09.0562 2800 Initialize success
09:38:09.0562 2800 ============================================================
09:47:00.0109 1264 ============================================================
09:47:00.0109 1264 Scan started
09:47:00.0109 1264 Mode: Manual; SigCheck; TDLFS; 
09:47:00.0109 1264 ============================================================
09:47:00.0531 1264 ================ Scan system memory ========================
09:47:00.0546 1264 System memory - ok
09:47:00.0546 1264 ================ Scan services =============================
09:47:00.0718 1264 Abiosdsk - ok
09:47:00.0718 1264 abp480n5 - ok
09:47:00.0781 1264 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:47:00.0796 1264 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
09:47:00.0796 1264 ACPI ( Virus.Win32.Rloader.a ) - infected
09:47:00.0796 1264 ACPI - detected Virus.Win32.Rloader.a (0)
09:48:55.0265 1264 EvtEng - detected UnsignedFile.Multi.Generic (1)
09:48:55.0312 1264 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:48:55.0640 1264 Fastfat - ok
09:48:55.0718 1264 [ 83158CA47591AF55A9759B5C648B0462 ] FastFreeConverterUpdt C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
09:48:55.0781 1264 FastFreeConverterUpdt ( UnsignedFile.Multi.Generic ) - warning
09:48:55.0781 1264 FastFreeConverterUpdt - detected UnsignedFile.Multi.Generic (1)
09:48:55.0843 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:48:56.0015 1264 FastUserSwitchingCompatibility - ok
09:48:56.0062 1264 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
09:48:56.0281 1264 Fdc - ok
09:48:56.0312 1264 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:48:56.0593 1264 Fips - ok
09:48:56.0625 1264 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:48:56.0796 1264 Flpydisk - ok
09:48:56.0812 1264 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:48:57.0000 1264 FltMgr - ok
09:48:57.0062 1264 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:48:57.0234 1264 Fs_Rec - ok
09:48:57.0250 1264 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:48:57.0421 1264 Ftdisk - ok
09:48:57.0453 1264 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:48:57.0656 1264 Gpc - ok
09:48:57.0687 1264 gupdate - ok
09:48:57.0703 1264 gupdatem - ok
09:48:57.0718 1264 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:48:57.0875 1264 HDAudBus - ok
09:48:57.0937 1264 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:48:58.0093 1264 helpsvc - ok
09:48:58.0093 1264 HidServ - ok
09:48:58.0156 1264 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:48:58.0359 1264 hkmsvc - ok
09:48:58.0359 1264 hpn - ok
09:48:58.0421 1264 [ 3D812D0DE9344BC9BD1A1B8575B883DB ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:48:58.0531 1264 HSFHWAZL - ok
09:48:58.0609 1264 [ 0E130BEC5A13CF68ADAA216AB55A8DFF ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:48:58.0796 1264 HSF_DP - ok
09:48:58.0843 1264 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:48:58.0921 1264 HTTP - ok
09:48:59.0046 1264 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:48:59.0390 1264 HTTPFilter - ok
09:48:59.0390 1264 i2omgmt - ok
09:48:59.0406 1264 i2omp - ok
09:48:59.0437 1264 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:48:59.0656 1264  i8042prt - ok
09:48:59.0734 1264 [ 510A5E1CB84E82D4E89DFF3D96752048 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:48:59.0890 1264 ialm - ok
09:48:59.0906 1264 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:49:00.0171 1264 Imapi - ok
09:49:00.0281 1264 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:49:00.0468 1264 ImapiService - ok
09:49:00.0484 1264 ini910u - ok
09:49:00.0640 1264 [ 51EB28D8602A9DF0926CBBBD9997CBB9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:49:00.0906 1264 IntcAzAudAddService - ok
09:49:00.0937 1264 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:49:01.0171 1264 IntelIde - ok
09:49:01.0218 1264 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:49:01.0437 1264 intelppm - ok
09:49:01.0468 1264 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:49:01.0812 1264 Ip6Fw - ok
09:49:01.0859 1264 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:49:02.0140 1264 IpFilterDriver - ok
09:49:02.0156 1264 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:49:02.0421 1264 IpInIp - ok
09:49:02.0453 1264 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:49:02.0671 1264 IpNat - ok
09:49:02.0703 1264 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:49:02.0984 1264 IPSec - ok
09:49:03.0093 1264 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:49:03.0187 1264 IRENUM - ok
09:49:03.0218 1264 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:49:03.0421 1264 isapnp - ok
09:49:03.0453 1264 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:49:03.0640 1264 Kbdclass - ok
09:49:03.0687 1264 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:49:03.0875 1264 kmixer - ok
09:49:03.0906 1264 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:49:04.0203 1264 KSecDD - ok
09:49:04.0281 1264 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:49:04.0343 1264 lanmanserver - ok
09:49:04.0343 1264 lbrtfdc - ok
09:49:04.0390 1264 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:49:04.0609 1264 LmHosts - ok
09:49:04.0640 1264 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:49:04.0687 1264 mdmxsdk - ok
09:49:04.0734 1264 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:49:05.0046 1264 mnmdd - ok
09:49:05.0140 1264 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:49:05.0375 1264 mnmsrvc - ok
09:49:05.0390 1264 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:49:05.0578 1264 Modem - ok
09:49:05.0593 1264 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:49:05.0812 1264 Mouclass - ok
09:49:05.0828 1264 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:49:06.0062 1264 MountMgr - ok
09:49:06.0109 1264 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:49:06.0156 1264 MpFilter - ok
09:49:06.0359 1264 [ A69630D039C38018689190234F866D77 ] MpKslc6402f33 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C15E9548-5A82-4A77-B245-177547F80461}\MpKslc6402f33.sys
09:49:06.0390 1264 MpKslc6402f33 - ok
09:49:06.0390 1264 mraid35x - ok
09:49:06.0421 1264 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:49:06.0609 1264 MRxDAV - ok
09:49:06.0656 1264 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:49:06.0843 1264 MSDTC - ok
09:49:06.0859 1264 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:49:07.0234 1264 Msfs - ok
09:49:07.0265 1264 MSIServer - ok
09:49:07.0281 1264 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:07.0453 1264 MSKSSRV - ok
09:49:07.0500 1264 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:49:07.0515 1264 MsMpSvc - ok
09:49:07.0546 1264 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:07.0734 1264 MSPCLOCK - ok
09:49:07.0765 1264 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:07.0937 1264 MSPQM - ok
09:49:07.0968 1264 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:08.0125 1264 mssmbios - ok
09:49:08.0140 1264 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:49:08.0234 1264 Mup - ok
09:49:08.0296 1264 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:49:08.0562 1264 napagent - ok
09:49:08.0578 1264 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:49:08.0796 1264 NDIS - ok
09:49:08.0843 1264 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:49:08.0906 1264 NdisTapi - ok
09:49:08.0937 1264 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:49:09.0203 1264 Ndisuio - ok
09:49:09.0218 1264 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:49:09.0468 1264 NdisWan - ok
09:49:09.0515 1264 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:49:09.0656 1264 NDProxy - ok
09:49:09.0687 1264 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:49:09.0953 1264 NetBT - ok
09:49:10.0046 1264 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:49:10.0437 1264 NetDDE - ok
09:49:10.0437 1264 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:49:10.0593 1264 NetDDEdsdm - ok
09:49:10.0640 1264 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:49:10.0796 1264 Netman - ok
09:49:10.0828 1264 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:49:10.0984 1264 NIC1394 - ok
09:49:11.0093 1264 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:49:11.0140 1264 Nla - ok
09:49:11.0156 1264 Norton PC Checkup Application Launcher - ok
09:49:11.0203 1264 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:49:11.0406 1264 Npfs - ok
09:49:11.0437 1264 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:49:11.0687 1264 Ntfs - ok
09:49:11.0765 1264 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:49:12.0000 1264 NtmsSvc - ok
09:49:12.0046 1264 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:49:12.0203 1264 Null - ok
09:49:12.0406 1264 [ 916D172B4A58A64174FF96CD5E9AAB37 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:49:12.0781 1264 nv - ok
09:49:12.0828 1264 [ C6C1BA4D6AF26201CBAEAE75863C0DE5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
09:49:12.0875 1264 NVSvc - ok
09:49:12.0921 1264 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:49:13.0250 1264 NwlnkFlt - ok
09:49:13.0265 1264 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:49:13.0468 1264 NwlnkFwd - ok
09:49:13.0500 1264 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:49:13.0656 1264 ohci1394 - ok
09:49:13.0750 1264 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:49:13.0765 1264 ose - ok
09:49:13.0812 1264 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
09:49:14.0031 1264 Parport - ok
09:49:14.0031 1264 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:49:14.0250 1264 PartMgr - ok
09:49:14.0296 1264 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:49:14.0468 1264 ParVdm - ok
09:49:14.0484 1264 PCCUJobMgr - ok
09:49:14.0484 1264 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:49:14.0687 1264 PCI - ok
09:49:14.0703 1264 PCIDump - ok
09:49:14.0718 1264 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:49:14.0906 1264 PCIIde - ok
09:49:14.0921 1264 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:49:15.0234 1264 Pcmcia - ok
09:49:15.0234 1264 PDCOMP - ok
09:49:15.0250 1264 PDFRAME - ok
09:49:15.0250 1264 PDRELI - ok
09:49:15.0265 1264 PDRFRAME - ok
09:49:15.0265 1264 perc2 - ok
09:49:15.0281 1264 perc2hib - ok
09:49:15.0328 1264 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:49:15.0375 1264 PlugPlay - ok
09:49:15.0390 1264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:49:15.0578 1264 PolicyAgent - ok
09:49:15.0640 1264 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:49:15.0906 1264 PptpMiniport - ok
09:49:15.0906 1264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:49:16.0125 1264 ProtectedStorage - ok
09:49:16.0156 1264 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:49:16.0406 1264 PSched - ok
09:49:16.0421 1264 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:49:16.0625 1264 Ptilink - ok
09:49:16.0687 1264 [ F3A3B00666A40C6914B7B2864F7DC1C0 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:49:16.0734 1264 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:49:16.0734 1264 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:49:16.0734 1264 ql1080 - ok
09:49:16.0750 1264 Ql10wnt - ok
09:49:16.0750 1264 ql12160 - ok
09:49:16.0765 1264 ql1240 - ok
09:49:16.0781 1264 ql1280 - ok
09:49:16.0796 1264 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:16.0984 1264 RasAcd - ok
09:49:17.0109 1264 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:49:17.0328 1264 RasAuto - ok
09:49:17.0359 1264 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:49:17.0578 1264 Rasl2tp - ok
09:49:17.0625 1264 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:49:17.0796 1264 RasMan - ok
09:49:17.0812 1264 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:49:18.0046 1264 RasPppoe - ok
09:49:18.0093 1264 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:49:18.0281 1264 Raspti - ok
09:49:18.0328 1264 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:49:18.0484 1264 RDPCDD - ok
09:49:18.0562 1264 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:49:18.0734 1264 RDPWD - ok
09:49:18.0796 1264 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:49:19.0093 1264 RDSessMgr - ok
09:49:19.0250 1264 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:49:19.0546 1264 redbook - ok
09:49:19.0578 1264 [ B44B1BF0107C55707494F5E83A17D35B ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
09:49:19.0609 1264 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
09:49:19.0609 1264 RegSrvc - detected UnsignedFile.Multi.Generic (1)
09:49:19.0656 1264 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:49:20.0015 1264 RemoteAccess - ok
09:49:20.0125 1264 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:49:20.0187 1264 RpcSs - ok
09:49:20.0250 1264 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:49:20.0468 1264 RSVP - ok
09:49:20.0531 1264 [ 2F7A8BE42103918BBD4A30F62EDA6931 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
09:49:20.0828 1264 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
09:49:20.0828 1264 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
09:49:20.0859 1264 [ 85A26A3BB748DFD3170CDBF45B0DD7FD ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:49:20.0890 1264 s24trans ( UnsignedFile.Multi.Generic ) - warning
09:49:20.0890 1264 s24trans - detected UnsignedFile.Multi.Generic (1)
09:49:20.0906 1264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:49:21.0125 1264 SamSs - ok
09:49:21.0156 1264 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:49:21.0421 1264 SCardSvr - ok
09:49:21.0468 1264 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:49:21.0656 1264 Schedule - ok
09:49:21.0687 1264 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:49:21.0812 1264 Secdrv - ok
09:49:21.0843 1264 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:49:22.0000 1264 seclogon - ok
09:49:22.0015 1264 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:49:22.0203 1264 SENS - ok
09:49:22.0234 1264 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
09:49:22.0468 1264 Serial - ok
09:49:22.0500 1264 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:49:23.0156 1264 Sfloppy - ok
09:49:23.0234 1264 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:49:23.0546 1264 SharedAccess - ok
09:49:23.0593 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:49:23.0609 1264 ShellHWDetection - ok
09:49:23.0609 1264 Simbad - ok
09:49:23.0671 1264 [ BE6038E0A7D2E2FE69107E41A0265831 ] SNC C:\WINDOWS\system32\Drivers\SonyNC.sys
09:49:23.0750 1264 SNC - ok
09:49:23.0812 1264 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
09:49:23.0984 1264 SNMP - ok
09:49:24.0078 1264 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
09:49:24.0500 1264 SNMPTRAP - ok
09:49:24.0500 1264 Sparrow - ok
09:49:24.0562 1264 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:49:24.0718 1264 splitter - ok
09:49:24.0765 1264 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:49:25.0500 1264 Spooler - ok
09:49:25.0531 1264 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:49:25.0687 1264 sr - ok
09:49:25.0734 1264 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:49:25.0812 1264 srservice - ok
09:49:25.0843 1264 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:49:25.0953 1264 Srv - ok
09:49:26.0031 1264 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:49:26.0125 1264 SSDPSRV - ok
09:49:26.0140 1264 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:49:26.0359 1264 stisvc - ok
09:49:26.0406 1264 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:49:26.0656 1264 swenum - ok
09:49:26.0687 1264 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:49:26.0921 1264 swmidi - ok
09:49:26.0921 1264 SwPrv - ok
09:49:26.0937 1264 symc810 - ok
09:49:26.0953 1264 symc8xx - ok
09:49:26.0968 1264 sym_hi - ok
09:49:26.0968 1264 sym_u3 - ok
09:49:27.0046 1264 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:49:27.0218 1264 sysaudio - ok
09:49:27.0265 1264 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:49:27.0515 1264 SysmonLog - ok
09:49:27.0562 1264 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:49:27.0765 1264 TapiSrv - ok
09:49:27.0812 1264 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:49:27.0921 1264 Tcpip - ok
09:49:28.0062 1264 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:49:28.0250 1264 TDPIPE - ok
09:49:28.0265 1264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:49:28.0484 1264 TDTCP - ok
09:49:28.0515 1264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:49:28.0671 1264 TermDD - ok
09:49:28.0734 1264 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:49:29.0312 1264 TermService - ok
09:49:29.0359 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:49:29.0406 1264 Themes - ok
09:49:29.0453 1264 [ 1A406B0A846FE7250E16E05813AEF849 ] tifmsony C:\WINDOWS\system32\drivers\tifmsony.sys
09:49:29.0609 1264 tifmsony - ok
09:49:29.0609 1264 TosIde - ok
09:49:29.0671 1264 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:49:29.0906 1264 TrkWks - ok
09:49:29.0921 1264 TuneUp.UtilitiesSvc - ok
09:49:29.0921 1264 TuneUpUtilitiesDrv - ok
09:49:29.0953 1264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:49:30.0203 1264 Udfs - ok
09:49:30.0203 1264 ultra - ok
09:49:30.0265 1264 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
09:49:30.0312 1264 UMWdf - ok
09:49:30.0375 1264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:49:30.0593 1264 Update - ok
09:49:30.0656 1264 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:49:30.0812 1264 upnphost - ok
09:49:30.0843 1264 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:49:31.0171 1264 UPS - ok
09:49:31.0218 1264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:49:31.0453 1264 usbccgp - ok
09:49:31.0468 1264 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:49:31.0656 1264 usbehci - ok
09:49:31.0687 1264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:49:31.0890 1264 usbhub - ok
09:49:31.0906 1264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:49:32.0140 1264 usbprint - ok
09:49:32.0156 1264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:49:32.0328 1264 usbscan - ok
09:49:32.0359 1264 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:49:32.0546 1264 usbstor - ok
09:49:32.0578 1264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:49:32.0765 1264 usbuhci - ok
09:49:32.0843 1264 [ 5255C0E41FA138C153A1AA9B1339F700 ] VAIO Entertainment Aggregation and Control Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
09:49:32.0953 1264 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - warning
09:49:32.0953 1264 VAIO Entertainment Aggregation and Control Service - detected UnsignedFile.Multi.Generic (1)
09:49:33.0093 1264 [ 34337E97B6608C3FE852889B228025C5 ] VAIO Entertainment Task Scheduler C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
09:49:33.0281 1264 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0281 1264 VAIO Entertainment Task Scheduler - detected UnsignedFile.Multi.Generic (1)
09:49:33.0406 1264 [ 047EB1A2F1E591E8892DCE24E9392A90 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
09:49:33.0546 1264 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0546 1264 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
09:49:33.0609 1264 [ 4CC603645F50E806F9E46B8316EA54AB ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
09:49:33.0640 1264 VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0640 1264 VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
09:49:33.0796 1264 [ 9BA7FAEDC9D45E0D6641B87406E8BA1B ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
09:49:33.0968 1264 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
09:49:33.0968 1264 VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
09:49:34.0093 1264 [ F557ABEC44DF2969FDF9D651C4B484B4 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
09:49:34.0125 1264 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
09:49:34.0125 1264 VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
09:49:34.0187 1264 [ 15B2DA6E153CC25D1555723894AF7C45 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
09:49:34.0265 1264 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
09:49:34.0265 1264 VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
09:49:34.0390 1264 [ E676A2C17581D84CF739E2785E5E760B ] VAIOMediaPlatform-VideoServer-AppServer C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
09:49:34.0984 1264 VAIOMediaPlatform-VideoServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
09:49:34.0984 1264 VAIOMediaPlatform-VideoServer-AppServer - detected UnsignedFile.Multi.Generic (1)
09:49:35.0125 1264 [ 15B2DA6E153CC25D1555723894AF7C45 ] VAIOMediaPlatform-VideoServer-UPnP C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
09:49:35.0203 1264 VAIOMediaPlatform-VideoServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
09:49:35.0203 1264 VAIOMediaPlatform-VideoServer-UPnP - detected UnsignedFile.Multi.Generic (1)
09:49:35.0234 1264 Vcsw - ok
09:49:35.0265 1264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:49:35.0453 1264 VgaSave - ok
09:49:35.0468 1264 ViaIde - ok
09:49:35.0515 1264 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:49:35.0875 1264 VolSnap - ok
09:49:35.0937 1264 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:49:36.0187 1264 VSS - ok
09:49:36.0328 1264 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
09:49:36.0390 1264 vToolbarUpdater12.2.6 - ok
09:49:36.0500 1264 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
09:49:36.0609 1264 vToolbarUpdater14.2.0 - ok
09:49:36.0703 1264 [ 15DDA77E434484E6B5B4D0B60EFE76ED ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
09:49:36.0734 1264 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
09:49:36.0734 1264 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
09:49:36.0765 1264 [ 0E362E517AFEB0669BD473315BE3CDE5 ] VzFw C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
09:49:36.0796 1264 VzFw ( UnsignedFile.Multi.Generic ) - warning
09:49:36.0796 1264 VzFw - detected UnsignedFile.Multi.Generic (1)
09:49:37.0265 1264 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:49:37.0671 1264 w29n51 - ok
09:49:37.0734 1264 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:49:38.0078 1264 W32Time - ok
09:49:38.0312 1264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:49:38.0515 1264 Wanarp - ok
09:49:38.0531 1264 WDICA - ok
09:49:38.0562 1264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:49:38.0718 1264 wdmaud - ok
09:49:38.0734 1264 WeatherBlinkService - ok
09:49:38.0765 1264 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:49:39.0015 1264 WebClient - ok
09:49:39.0281 1264 [ C08FAD1207BB219BDF9EEC30AFC1809E ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:49:39.0421 1264 winachsf - ok
09:49:39.0515 1264 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:49:39.0671 1264 winmgmt - ok
09:49:39.0859 1264 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:49:40.0000 1264 wlidsvc - ok
09:49:40.0171 1264 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:49:40.0296 1264 WmdmPmSN - ok
09:49:40.0359 1264 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:49:40.0796 1264 WmiApSrv - ok
09:49:40.0937 1264 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:49:41.0031 1264 WPFFontCache_v0400 - ok
09:49:41.0140 1264 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:49:41.0328 1264 wscsvc - ok
09:49:41.0359 1264 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:49:41.0578 1264 wuauserv - ok
09:49:41.0640 1264 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:49:41.0906 1264 WZCSVC - ok
09:49:42.0062 1264 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:49:42.0359 1264 xmlprov - ok
09:49:42.0453 1264 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:49:42.0531 1264 YahooAUService - ok
09:49:42.0562 1264 ================ Scan global ===============================
09:49:42.0609 1264 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:49:42.0671 1264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:49:42.0796 1264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:49:42.0828 1264 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:49:42.0828 1264 [Global] - ok
09:49:42.0843 1264 ================ Scan MBR ==================================
09:49:42.0875 1264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:49:43.0343 1264 \Device\Harddisk0\DR0 - ok
09:49:43.0359 1264 ================ Scan VBR ==================================
09:49:43.0359 1264 [ 9F3153A0FB79A96ED2C85B9BED779ECB ] \Device\Harddisk0\DR0\Partition1
09:49:43.0359 1264 \Device\Harddisk0\DR0\Partition1 - ok
09:49:43.0359 1264 ============================================================
09:49:43.0359 1264 Scan finished
09:49:43.0359 1264 ============================================================
09:49:43.0515 2212 Detected object count: 19
09:49:43.0515 2212 Actual detected object count: 19
09:59:11.0171 2212 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
09:59:14.0968 2212 Backup copy found, using it..
09:59:15.0484 2212 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
09:59:15.0484 2212 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure 
09:59:15.0484 2212 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0484 2212 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0484 2212 FastFreeConverterUpdt ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 FastFreeConverterUpdt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0484 2212 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0515 2212 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0515 2212 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0515 2212 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0515 2212 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 VAIO Entertainment Aggregation and Control Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0515 2212 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 VAIO Entertainment Task Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0515 2212 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0515 2212 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0562 2212 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIOMediaPlatform-VideoServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0609 2212 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0609 2212 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:15.0609 2212 VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0609 2212 VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:59:43.0531 2224 Deinitialize success


----------



## Mark1956 (May 7, 2011)

You're doing great. TDSSkiller found an infected file and has replaced it with a clean copy.

ADWCleaner found another remnant of AVG. Did you run the AVG removal tool? If not, please do so.

Irrespective of having run the AVG removal tool please do another scan with ADWCleaner so we can be certain the item has gone for good and post the new log. Please also run RogueKiller again and post that log also.

As you had an infection in a system file we should now run Combofix which will dig deep into the system and carry out more checks.

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------
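
The cure/skip outcome described in the post above can be read straight off the closing lines of a TDSSKiller log. The sketch below is an added example, not part of the thread or of any tool named in it: the function names are hypothetical, the sample lines are constructed (modelled on the log posted above and trimmed to three objects), and treating `UnsignedFile.Multi.Generic` as the lower-priority bucket is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines modelled on the TDSSKiller log posted in the
# thread, trimmed to three detected objects.
SAMPLE_LOG = r"""
09:49:43.0515 2212 Detected object count: 3
09:49:43.0515 2212 Actual detected object count: 3
09:59:11.0171 2212 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
09:59:14.0968 2212 Backup copy found, using it..
09:59:15.0484 2212 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
09:59:15.0484 2212 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
09:59:15.0484 2212 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0484 2212 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:15.0562 2212 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:15.0562 2212 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - User select action: (?P<action>\w+)$"
)
# "<path> - copied to quarantine" / "<path> - will be cured on reboot"
FILE_STATUS = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) - (?P<status>copied to quarantine|will be cured on reboot)$"
)

# Assumption of this example: this verdict marks an unsigned file rather
# than a named malware family, so skipped objects carrying it are reviewed last.
UNSIGNED_VERDICT = "UnsignedFile.Multi.Generic"


def parse_tdsskiller(text):
    """Extract the declared object count, per-object actions and file statuses."""
    report = {"declared_count": None, "objects": [], "file_status": defaultdict(list)}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or non-log line
        msg = line.group("msg").strip()
        count = COUNT.match(msg)
        if count:
            report["declared_count"] = int(count.group("n"))
            continue
        action = ACTION.match(msg)
        if action:
            report["objects"].append(action.groupdict())
            continue
        status = FILE_STATUS.match(msg)
        if status:
            report["file_status"][status.group("path")].append(status.group("status"))
    return report


def triage(report):
    """Split objects into handled, skipped-unsigned and skipped-with-named-verdict."""
    handled, skipped_unsigned, skipped_other = [], [], []
    for obj in report["objects"]:
        if obj["action"] != "Skip":
            handled.append((obj["name"], obj["action"]))
        elif obj["verdict"] == UNSIGNED_VERDICT:
            skipped_unsigned.append(obj["name"])
        else:
            # Skipped despite a named verdict: the first thing to re-check.
            skipped_other.append(obj["name"])
    pending = [
        path
        for path, statuses in report["file_status"].items()
        if "will be cured on reboot" in statuses
    ]
    declared = report["declared_count"]
    return {
        "handled": handled,
        "skipped_unsigned": skipped_unsigned,
        "skipped_other": skipped_other,
        "pending_reboot": pending,
        # True when the log was truncated or pasted incompletely.
        "count_mismatch": declared is not None and declared != len(report["objects"]),
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A non-empty `pending_reboot` list means the cure is not complete until the machine restarts, and `count_mismatch` flags a log that was pasted only in part.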



## mathcheck (Mar 28, 2013)

Sorry, AVG remover was the first thing I did. I checked in Add/Remove Programs and there is nothing listed there anymore. I ran AVG remover and it left an Icon on my desktop AVGremover.log, but it won't open. I am working on the other things now. Something doesn't seem right with how AVG remover ran. Should I do the whole procedure again?


----------



## mathcheck (Mar 28, 2013)

Here are the latest ADWcleaner and Roguekillers:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Scan -- Date : 04/05/2013 14:44:20
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\68960749 (C:\WINDOWS\system32\drivers\51236355.sys) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HITACHI_DK23FA-80 +++++
--- User ---
[MBR] 94d7904b75c9805cbcd1a66eefc20719
[BSP] 2dab0b461558b0944ad0bf02ffa10e50 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5130 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10506510 | Size: 71186 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[5]_S_04052013_02d1444.txt >>
RKreport[1]_S_04042013_02d1325.txt ; RKreport[2]_S_04042013_02d1530.txt ; RKreport[3]_D_04042013_02d1532.txt ; RKreport[4]_S_04052013_02d1436.txt ; RKreport[5]_S_04052013_02d1444.txt

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 14:25:07
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [33103 octets] - [04/04/2013 12:44:11]
AdwCleaner[S2].txt - [1126 octets] - [05/04/2013 08:34:08]
AdwCleaner[S3].txt - [1058 octets] - [05/04/2013 14:25:07]
########## EOF - C:\AdwCleaner[S3].txt - [1118 octets] ##########


----------



## Mark1956 (May 7, 2011)

It will do no harm running the AVG tool again. I just wanted to confirm you had used it; any remaining remnants can be dealt with later. Please continue with the other scans.


----------



## Mark1956 (May 7, 2011)

Our posts crossed over. ADWCleaner has found AVG Secure Search, which we will deal with later as it is not malicious. RogueKiller found a bad service; Combofix may also find it and remove it, we will see what the log shows.


----------



## mathcheck (Mar 28, 2013)

It says to disable antivirus protection before scanning?? How do I do that? Recovery Console? I don't have a Windows xp disk. This combofix looks kind of scary...I'm going to wait for your reply before I do anything else. All of a sudden not feeling so sure of myself.


----------



## mathcheck (Mar 28, 2013)

This is where I stand right now: I downloaded mirror #1 and have Combofix.exe on my desktop. I have printed the "How to use Combofix" pages and feel a lot better about it, but I'm concerned about the virus protection part that it refers to - turning it off. When I look at the right side of the task bar, I have a green figure with a check in the middle of it, and when I put the pointer on it, it says "pc status protected"; Also on the taskbar is a red figure shaped like a shield with an X. When I put the pointer on it, it says "Windows security alert"; When I go to Windows Security Center, it says "Virus protections off." Without knowing more about this confusion I am afraid to go ahead with the combofix procedure. I hope this helps you see where I am at this point. Meantime, I am anxious to move forward with Combofix.


----------



## Mark1956 (May 7, 2011)

Don't worry about the security center alert. To disable MSE just do this:

You can easily disable MSE by clicking on the icon in the taskbar and click on Open.
Click on Settings > In the left pane select Real-time protection.
Uncheck the box and click on Save Changes and shut the window.

Make sure you re-enable it after MSE has completed.

Combofix will install the Recovery Console in the early stages of it running, you don't need the XP disc.


----------



## mathcheck (Mar 28, 2013)

Here's what I got.
***As I look through this log I see a lot of things that have been causing me grief for a long time - things I hope I never lay eyes on again!***

ComboFix 13-04-06.01 - Andrew 04/06/2013 8:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.202 [GMT -7:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Andrew\My Documents\~WRL0788.tmp
c:\documents and settings\Andrew\My Documents\~WRL3073.tmp
c:\documents and settings\Andrew\My Documents\~WRL3326.tmp
c:\documents and settings\Andrew\My Documents\~WRL3640.tmp
c:\documents and settings\Andrew\My Documents\~WRL3655.tmp
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\0b263e3cffdde959.fb
c:\windows\system32\Cache\18c0408b353acbe9.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2e0dda6f643c7753.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3e61564d33128d10.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALOTSERVICE
-------\Legacy_WEATHERBLINKSERVICE
-------\Service_AlotService
-------\Service_WeatherBlinkService
.
.
((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))
.
.
2013-04-06 03:35 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76787773-BA05-4BAD-B8A9-D639161B0BCC}\mpengine.dll
2013-04-05 16:59 . 2013-04-05 16:59 177496 ----a-w- c:\windows\system32\drivers\51236355.sys
2013-04-05 16:59 . 2013-04-05 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-05 01:31 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-04 17:25 . 2013-04-04 18:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-04 17:22 . 2013-04-04 17:22 -------- d-----w- c:\program files\Tweaking.com
2013-04-03 23:16 . 2013-04-02 10:33 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-03 23:06 . 2013-04-03 23:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-29 22:19 . 2013-03-29 22:19 -------- d-----w- c:\windows\Sun
2013-03-26 04:23 . 2013-03-26 04:33 -------- d-----w- C:\d608f2bb5b323a930a256af12f5c77
2013-03-25 20:05 . 2013-03-25 20:05 -------- d-----w- c:\program files\Tuguu SL
2013-03-25 17:18 . 2013-03-25 17:18 -------- d-----w- c:\program files\SearchDonkey
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LAND & STREAM CO\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\Andrew\AppData
2013-03-12 17:56 . 2013-03-12 18:28 -------- d-----w- c:\program files\Free Download Manager
2013-03-09 23:29 . 2013-03-09 23:29 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Yahoo
2013-03-09 23:12 . 2013-03-13 15:30 -------- d-----w- c:\windows\msdownld.tmp
2013-03-07 16:19 . 2001-08-17 21:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-03-07 16:19 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-03-07 16:09 . 2011-06-09 02:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2013-03-07 16:09 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2013-03-07 16:09 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-03-07 16:09 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2013-03-07 16:09 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2013-03-07 16:09 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 17:00 . 2004-08-03 23:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-03-17 16:51 . 2012-06-05 15:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 16:51 . 2012-06-05 15:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 19:32 . 2012-10-06 04:42 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-11-21 00:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 18:21 . 2013-02-08 18:22 5259504 ----a-w- c:\windows\uninst.exe
2013-02-05 20:05 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-11-21 00:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-11-21 00:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-11-21 00:04 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-11-21 00:04 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2004-11-21 00:04 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DDA5D4B3-468F-4D62-9092-75142C6169B1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"VMConsole.exe"="c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" [2004-06-24 557056]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
FedEx Desktop.lnk - c:\program files\FedEx\FedEx Desktop\FedEx Desktop.exe [2013-3-12 142336]
Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk - c:\windows\system32\RunDll32.exe [2004-11-20 33280]
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe [2004-11-20 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\Online Services\\AOL Instant Messenger Setup\\aimsetup.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\VmpClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/5/2012 9:42 PM 33112]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [10/5/2012 9:42 PM 722528]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2/21/2013 12:34 PM 968880]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys --> c:\windows\system32\DRIVERS\avglogx.sys [?]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe /s --> c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe" /s "PCCUJobMgr" /m "c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll" /prefetch:1 --> c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [?]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;"c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe" --> c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys --> c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 16:51]
.
2013-04-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At10.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-05 c:\windows\Tasks\At11.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-05 c:\windows\Tasks\At12.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-06 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At5.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At6.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At7.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At8.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-05 c:\windows\Tasks\At9.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2008-12-17 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2013-04-06 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
2013-04-06 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-14 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2013-04-06 c:\windows\Tasks\User_Feed_Synchronization-{338A9EA3-733C-4378-9B99-3D24E7CBD95A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=79
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - (no file)
Toolbar-Locked - (no file)
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-WeatherBlink Search Scope Monitor - c:\progra~1\WEATHE~2\bar\1.bin\gcsrchmn.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
AddRemove-alotAppbar - c:\program files\alotappbar\alotUninst.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\setup.exe
AddRemove-MoodLogic - c:\windows\ml-uninstall-v10.exe
AddRemove-Norton PC Checkup_is1 - c:\documents and settings\All Users\Application Data\Norton\PC Checkup\unins000.exe
AddRemove-NortonPCCheckup - c:\program files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.15.91\InstStub.exe
AddRemove-PC TuneUp Maestro - c:\program files\CompuClever\PC TuneUp Maestro\uninstall.exe
AddRemove-Supreme Savings - c:\program files\Supreme Savings\Uninstall.exe
AddRemove-{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} - c:\program files\ParetoLogic\PCHA\uninstall.exe
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files\SpeedyPC Software\SpeedyPC\uninstall.exe
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\program files\SpeedMaxPc\SpeedMaxPc\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-06 09:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(1968)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-04-06 09:06:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-06 16:06
.
Pre-Run: 55,955,873,792 bytes free
Post-Run: 56,053,567,488 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE
.
- - End Of File - - D750B38D0ECD6DE1ACDC76B38C7B1050


----------



## Mark1956 (May 7, 2011)

We now need to run Combofix again using the instructions below.

First I would like you to check in Add/Remove Programs and uninstall any of these that may still be there. 
Ignore any that are not visible but please tell of any that you *DO* find that will not uninstall.

ALOT Appbar
Coupon Printer for Windows
Norton PC Checkup
PC TuneUp Maestro
SpeedMaxPc
SpeedyPC Pro
Supreme Savings
WeatherBlink Toolbar

We are now going to run ComboFix a different way.

Open Notepad by clicking *Start* > *Run...* and in the open box type: *Notepad.exe*
Press Ok, then copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._


```
KillAll::

File::
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\system32\DRIVERS\avglogx.sys
c:\windows\Tasks\SpeedyPC Registration3.job
c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Driver::
avgtp
vToolbarUpdater12.2.6
vToolbarUpdater14.2.0
Avglogx
Norton PC Checkup Application Launcher
PCCUJobMgr
TuneUp.UtilitiesSvc
TuneUpUtilitiesDrv

DDS::



Folder::
c:\program files\Common Files\AVG Secure Search
c:\program files\Norton PC Checkup 3.0
c:\program files\Norton PC Checkup
c:\program files\AVG
c:\program files\Common Files\SpeedyPC Software

ClearJavaCache::

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCCUJobMgr]

Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.









This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.
======================================================================

After this has been done we will be moving on to deal with any of the items that would not uninstall, replacing the missing services and fixing the file associations.


----------



## mathcheck (Mar 28, 2013)

Ok, I went through Add/Remove programs and found Coupon Printer for Windows and uninstalled it. Nothing else on your list was there... Incidentally Bonjour and something called Search Donkey is in there. Also, that APagent thing still shows up after re-booting. One more thing: lately when I search for something on the internet I get this annoying Hotstartsearch.com that goes in front of yahoo, every time. I just thought I might mention this....

I did all the other things you asked me to do, and here is the log. You mentioned turning off and on my virus and *Other security Programs*. The only one I have is MSE.?

ComboFix 13-04-06.01 - Andrew 04/07/2013 8:55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.231 [GMT -7:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\DRIVERS\avglogx.sys"
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\Tasks\SpeedyPC Registration3.job"
"c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job"
"c:\windows\Tasks\SpeedyPC Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\program files\Common Files\SpeedyPC Software
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\ad_generic.jpg
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\progress_glow.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGLOGX
-------\Legacy_AVGTP
-------\Legacy_NORTON_PC_CHECKUP_APPLICATION_LAUNCHER
-------\Legacy_PCCUJOBMGR
-------\Legacy_TUNEUP.UTILITIESSVC
-------\Legacy_TUNEUPUTILITIESDRV
-------\Legacy_VTOOLBARUPDATER12.2.6
-------\Legacy_VTOOLBARUPDATER14.2.0
-------\Service_Avglogx
-------\Service_avgtp
-------\Service_Norton PC Checkup Application Launcher
-------\Service_PCCUJobMgr
-------\Service_TuneUp.UtilitiesSvc
-------\Service_TuneUpUtilitiesDrv
-------\Service_vToolbarUpdater12.2.6
-------\Service_vToolbarUpdater14.2.0
.
.
((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 )))))))))))))))))))))))))))))))
.
.
2013-04-07 14:30 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE899AA6-3416-44DF-BF5A-6F53705E5C9C}\mpengine.dll
2013-04-06 16:25 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-05 16:59 . 2013-04-05 16:59 177496 ----a-w- c:\windows\system32\drivers\51236355.sys
2013-04-05 16:59 . 2013-04-05 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-04 17:25 . 2013-04-04 18:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-04 17:22 . 2013-04-04 17:22 -------- d-----w- c:\program files\Tweaking.com
2013-04-03 23:16 . 2013-04-02 10:33 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-03 23:06 . 2013-04-03 23:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-29 22:19 . 2013-03-29 22:19 -------- d-----w- c:\windows\Sun
2013-03-26 04:23 . 2013-03-26 04:33 -------- d-----w- C:\d608f2bb5b323a930a256af12f5c77
2013-03-25 20:05 . 2013-03-25 20:05 -------- d-----w- c:\program files\Tuguu SL
2013-03-25 17:18 . 2013-03-25 17:18 -------- d-----w- c:\program files\SearchDonkey
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LAND & STREAM CO\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\Andrew\AppData
2013-03-12 17:56 . 2013-03-12 18:28 -------- d-----w- c:\program files\Free Download Manager
2013-03-09 23:29 . 2013-03-09 23:29 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Yahoo
2013-03-09 23:12 . 2013-03-13 15:30 -------- d-----w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 17:00 . 2004-08-03 23:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-02-21 19:32 . 2012-10-06 04:42 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-11-21 00:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 18:21 . 2013-02-08 18:22 5259504 ----a-w- c:\windows\uninst.exe
2013-02-05 20:05 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-11-21 00:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-11-21 00:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-11-21 00:04 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-11-21 00:04 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DDA5D4B3-468F-4D62-9092-75142C6169B1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk - c:\windows\system32\RunDll32.exe [2004-11-20 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\Online Services\\AOL Instant Messenger Setup\\aimsetup.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\VmpClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-07 c:\windows\Tasks\At10.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-05 c:\windows\Tasks\At11.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-06 c:\windows\Tasks\At12.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-07 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At5.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-07 c:\windows\Tasks\At6.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-07 c:\windows\Tasks\At7.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At8.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At9.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2008-12-17 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2013-04-07 c:\windows\Tasks\User_Feed_Synchronization-{338A9EA3-733C-4378-9B99-3D24E7CBD95A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2013-04-07 c:\windows\Tasks\User_Feed_Synchronization-{6658E6C8-7180-43A7-851B-F41F858CBE3B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=79
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-07 09:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-04-07 09:19:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-07 16:19
ComboFix2.txt 2013-04-06 16:06
.
Pre-Run: 55,925,854,208 bytes free
Post-Run: 56,052,011,008 bytes free
.
- - End Of File - - B3D2DBCB9CF08705D6E6E5E3087CE0B7


----------



## Mark1956 (May 7, 2011)

Ok, the Combofix log is looking good and all the deletions appear to have worked ok.

In answer to your queries, Bonjour is related to iTunes and is legitimate software.

Search Donkey is a legitimate Search Engine, if you don't use it uninstall it.

APagent is related to a flight simulator program which I believe you have installed.

Hotstartsearch we will have to search for and remove as I believe it is Adware. Please also run ADWCleaner again with the Delete button and post the log.

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (32-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*Hotstartsearch*
:folderfind
*Hotstartsearch*
:reg
Hotstartsearch
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## mathcheck (Mar 28, 2013)

Another thing you might want to know: Before the really major meltdown, Google quit altogether. No access, couldn't download it or anything. I tried uninstalling it and re-trying it - nothing worked. So I gave up. I use gmail and yahoo mail for my three email addresses. In gmail, it tells me that I am using an outdated version of Internet Explorer and I should get a more modern browser. I have been clicking "dismiss" and it goes away. I don't know what this is all about. Here are the two logs you asked for:

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 13:18:38
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew - E457FDF720CE414
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\LAND & STREAM CO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [33103 octets] - [04/04/2013 12:44:11]
AdwCleaner[S2].txt - [1126 octets] - [05/04/2013 08:34:08]
AdwCleaner[S3].txt - [1187 octets] - [05/04/2013 14:25:07]
AdwCleaner[S4].txt - [1049 octets] - [07/04/2013 13:18:38]
########## EOF - C:\AdwCleaner[S4].txt - [1109 octets] ##########

SystemLook 30.07.11 by jpshortstuff
Log created at 13:33 on 07/04/2013 by Andrew
Administrator - Elevation successful
========== filefind ==========
Searching for "*Hotstartsearch*"
No files found.
========== folderfind ==========
Searching for "*Hotstartsearch*"
No folders found.
========== reg ==========
[Hotstartsearch]
Hive unrecognized.
-= EOF =-


----------



## mathcheck (Mar 28, 2013)

*Something new* -
I have two user accounts on this computer, one I use regularly and the other once in a while. When I went into the other account it said that IE had been upgraded - everything is new and fresh. It has a Google toolbar and access to Google, and it works. When I right-click on the IE icon on the left side of the task bar, then Properties, I get "Launch IE Browser Properties", then I click "general" and it says that it was created, modified, and accessed *today*, all at the same time. Also the Task Manager appears to work fine.
When I switch back to the other account (the one we've been dealing with) and go to "Launch IE Properties", General, I see Created 2008, Modified March 2013, and Accessed today. Also, the Task Manager does *not* work, and I have to log off that account for things to work.


----------



## Mark1956 (May 7, 2011)

Ok, I think at this point we should repair the missing services as it may help things run a bit smoother, please run RKill again and post the new log.


----------



## mathcheck (Mar 28, 2013)

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/08/2013 07:46:05 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity: 
* Alerter [Missing Service]
* lanmanworkstation [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* HOSTS file entries found: 
127.0.0.1 localhost
Program finished at: 04/08/2013 07:47:03 AM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)


----------



## Mark1956 (May 7, 2011)

I have attached a zip file with all the service fixes. Download it to your desktop and then extract the contents, there are six .reg files. Double left click on each one in turn and allow them to merge with the registry.

When done reboot the system and run Rkill again and post the log to make sure all is well. See if there is any improvement in the way the system is running.


----------



## mathcheck (Mar 28, 2013)

Here is the log. I will reboot again and look around for things. Everything is running *much* faster. When I rebooted after running Rkill, that APAgent.exe is still there, and lots of ads keep coming up.

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/08/2013 12:14:55 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity: 
* No issues found.
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* HOSTS file entries found: 
127.0.0.1 localhost
Program finished at: 04/08/2013 12:15:28 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)


----------
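The before/after comparison of the two RKill logs above can be done mechanically rather than by eye. This is an added example, not part of the original thread or of RKill itself: it parses excerpts of the two posted logs, reports which service-integrity findings the registry merge resolved, and flags any HOSTS entry that is not a loopback mapping. The function names are illustrative.

```python
import re

# Excerpts of the two RKill logs posted in this thread: before and after
# the six .reg service fixes were merged.
BEFORE = r"""
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* Alerter [Missing Service]
* lanmanworkstation [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/08/2013 07:47:03 AM
"""

AFTER = r"""
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/08/2013 12:15:28 PM
"""

# A section header is an unbulleted line such as "Checking HOSTS File:".
SECTION_RE = re.compile(r"^(?:Checking|Searching|Performing)\b.*:$")
# A finding looks like "* Name [Status]" or "* Name => detail [Status]".
FINDING_RE = re.compile(
    r"^\* (?P<name>.+?)(?: => (?P<detail>.+))? \[(?P<status>[^\]]+)\]$")
LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_sections(log):
    """Split an RKill log into {section title: [lines under it]}."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line[:-1].strip()
            sections[current] = []
        elif line.startswith(("Resetting", "Program finished")):
            current = None  # one-line action or footer, not a finding
        elif current is not None:
            sections[current].append(line)
    return sections


def service_findings(log):
    """Return {service: (status, detail)} from the service integrity section."""
    findings = {}
    for line in parse_sections(log).get("Checking Windows Service Integrity", []):
        m = FINDING_RE.match(line)
        if m:  # "* No issues found." does not match and is skipped
            findings[m["name"]] = (m["status"], m["detail"])
    return findings


def unexpected_hosts(log):
    """Return HOSTS entries that are not a plain loopback mapping."""
    out = []
    for line in parse_sections(log).get("Checking HOSTS File", []):
        parts = line.split()
        if line.startswith("*") or len(parts) < 2:
            continue
        entry = (parts[0], parts[1].lower())
        if entry not in LOOPBACK:
            out.append(entry)
    return out


def compare(before, after):
    """Diff the service findings of two logs."""
    b, a = service_findings(before), service_findings(after)
    return {
        "resolved": sorted(set(b) - set(a)),
        "remaining": sorted(set(b) & set(a)),
        "new": sorted(set(a) - set(b)),
    }


if __name__ == "__main__":
    for key, names in compare(BEFORE, AFTER).items():
        print(f"{key}: {', '.join(names) or 'none'}")
    print("unexpected HOSTS entries:", unexpected_hosts(AFTER) or "none")
```
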



## Mark1956 (May 7, 2011)

Which browser is showing the pop ups?

We need to do a search for APAgent.exe to find what it is related to.

Run SystemLook again and then copy the text in the code box into it and run it, post back the results.


```
:filefind
*APAgent*
:folderfind
*APAgent*
:reg
APAgent
```


----------



## throoper (Jan 20, 2007)

Mark1956 said:


> We need to do a search for APAgent.exe to find what it is related to.


It's part of the Airport program that is in the OP's installed programs list.
Uninstall Airport and it should get rid of it.


----------



## mathcheck (Mar 28, 2013)

I don't think I know how to say this right: My internet service is running off of a router with Airport Extreme (fifth generation) with an Airport Express booster. When this booster was added (some time ago), it was a hassle to get my computer to run. After consulting with the Apple people (special Apple people over the phone), I downloaded and installed some software and have been able to run - it is slow and often I get kicked off. Much of the time I can't tell if problems are inside my computer or a result of the internet connection via all this Apple Airport stuff. It has to do with that. ?
About the pop ups: I am not sure I understand your question. I have been using IE the whole time, if I understand what you mean. Right now I am looking at one stretched across the bottom of my screen; it is one of the same ones that keeps popping up over and over.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 08/04/2013 by Andrew
Administrator - Elevation successful
========== filefind ==========
Searching for "*APAgent*"
C:\Program Files\AirPort\APAgent.exe --a---- 771360 bytes [23:17 11/11/2009] [23:17 11/11/2009] 1C86D0C84FF3870A3E13808B853C040A
C:\WINDOWS\Prefetch\APAGENT.EXE-1586BE5C.pf --a---- 2978 bytes [03:32 07/04/2013] [22:00 08/04/2013] 17D7552A026250421AC2BA169DF17F67
========== folderfind ==========
Searching for "*APAgent*"
No folders found.
========== reg ==========
[APAgent]
Hive unrecognized.
-= EOF =-


----------



## Mark1956 (May 7, 2011)

I have no knowledge of the Airport software, maybe Throoper can give some advice on that.

As for the continuing pop ups on IE, try running it with no Add-ons and see if that stops them.

Follow the instructions in this guide for IE: How to run Firefox and Internet Explorer with no add-ons


----------



## mathcheck (Mar 28, 2013)

I clicked on the "How to run IE with no add-ons" file and followed the instructions exactly: Start>Run>type: *iexplore -extoff*, ok, and get "Windows can not find iexplore." I then searched for iexplore and found lots of iexplore files. ?
I don't know whether this matters: I went into yahoo Mail and chose *opt-out* in ads settings, but I'm still getting lots of pop ups. Should I do the same thing in Gmail? I don't know. I'm at a loss here. I just don't want any ads.


----------



## Mark1956 (May 7, 2011)

Ok, please try this alternative method to disable Add-ons in IE and let me know if the pop ups stop in IE only.

Close all browsers.
Click on Start > All Programs > Accessories > System Tools > Look down the list and you should find Internet Explorer (No Add-ons) click on it and IE should open, run it for a while and see if any pop ups occur.


----------



## mathcheck (Mar 28, 2013)

I followed the instructions and got this: "Internet Explorer is currently running without add-ons. All IE add-ons such as ActiveX controls or toolbars are turned off. Some webpages might not display correctly. To continue using your homepage....


----------



## throoper (Jan 20, 2007)

Simplest solution to the problem with APAgent would be to get a different router so you aren't using Apple software, but since you shelled out around $200 for it, I'm guessing you'd rather have another option. 
Assuming you haven't uninstalled Bonjour, go into the Control Panel>Add/Remove and select bonjour.
Click Change/Remove and select Repair. You may have to insert your Airport install disc.
If the repair doesn't work, uninstall Bonjour and reinstall from the Apple store (be sure to download the latest Bonjour for Windows).

I can't be too much help on this as I've never tried repairing Bonjour. I've only eradicated it as an unwanted nuisance.


----------



## Mark1956 (May 7, 2011)

As for running IE without Add-ons the message you got is normal, did it run without any pop ups showing?


----------



## mathcheck (Mar 28, 2013)

Mark1956 - No the add-ons are still there. "Opt-out" in *ad settings* doesn't seem to be doing much. I think I got one ad to stop by clicking on a little T at the bottom. It sent me to a screen that let me uninstall it. It was called "Fast Free Converter". There are other ads with "ad choices" in the corner. When I click on that it sends me into a place where it tells all about ads, but not how to remove it. I don't know what this opt-out is doing: I'm getting ads from Western Union, dating, etc. It is better, but far from gone. Last time I checked my email in Yahoo, about a third of the screen was blanketed with pictures of available women over 50, and I don't subscribe to anything or visit sites like that.

Throoper - I tried to repair bonjour and it says "The feature you are trying to use is on a network resource that is unavailable." Also, I tried to remove it, but it won't. I don't have a disk for Airport Utility. I downloaded it from the web, and I don't remember the procedure, but I do recall that it was quite simple. I have Airport Utility in "All Programs", but when I try to run it I get "This application has failed to start because dnssd.dll was not found - Reinstalling the program may fix this problem." I just looked for Airport Utility for windows, and there are a bunch to choose from. ?


----------



## throoper (Jan 20, 2007)

This looks to be the latest version of Airport utilities for Windows that's compatible with xp.
http://support.apple.com/kb/dl1391
Not sure, but I think you need to uninstall your current version before installing a newer one.

I wonder if you even need to have it. It doesn't appear to be starting because you're missing the Bonjour files.


----------



## mathcheck (Mar 28, 2013)

*Mark1956* - It looks like the pop up ads have been stopped in both yahoo and gmail. I think those last ones were enabled by the settings in Yahoo Mail and Gmail that allowed them to keep showing up after you cleared out all the other bad stuff. The computer is running much faster, better than I can remember - thank you for all of your help and patience.
In Gmail, I am still told that I need a more modern browser, but when I try to upgrade to a newer version IE tells me that I already am running the latest version. ? Also, that version that was temporarily running in my other user account was definitely an upgrade. I am confused by what happened. It was there running everything the way it should, with new upgraded features. Task manager was working, Google was there, and then it disappeared.

*Throoper* - I downloaded and replaced Airport Utility with the latest version, but it won't run. I don't know what to do. Somebody here thinks that bonjour might have something to do with a wireless connection to a printer, but I can't confirm that. There are two printers that are set up in this computer, one is my personal printer that I am wired to directly, and the other is a wireless connection to a printer that I set up but have never used. I think this whole bonjour problem has something to do with that. I feel stuck. I can't get rid of bonjour, and I can't run Airport Utility. I really just want to clean this up and eliminate that message when I start up.


----------



## Mark1956 (May 7, 2011)

Glad to hear the pop ups have stopped, but it is a bit odd the way things have gone. You have IE 8 which is as high as you can go with XP, versions above IE8 are not compatible with XP. As for the Gmail issue all you can do to stop the pop up telling you to use a more modern browser is to change to Firefox or Google Chrome.

Other than that and the problem Throoper is helping you with is everything else ok?


----------



## throoper (Jan 20, 2007)

Since Airport Utilities doesn't run without Bonjour and it sounds like you don't need or use the Bonjour service, I would just uninstall the Utilities program.
I didn't see an entry for it in your installed programs list in Add/Remove (if it IS there, use that to uninstall it).
Otherwise, there should be an uninstaller for it in Start>Programs>Airport Utilities.


----------



## mathcheck (Mar 28, 2013)

I removed Airport Utility and the APAgent error message has not shown up again. It appears that maybe I don't need Airport Utility after all, although I have doubts. I needed it before. ? Bonjour still won't go away, but I did find out that it is directly related to Airport/extreme and the associated printer. The error message is gone and that is good.
The reception I am getting from this Airport Extreme/Express set up is slow and inconsistent. Another computer (Apple) was just set up, about ten feet from me, and is running on the same Airport Extreme/Express as I am. It is running good and fast just like it should, while I am plugging along significantly slower. This is not new. Until now I have just accepted it. I am hoping there is some place in TSG where someone familiar with this type of situation might offer some assistance to me. I welcome any ideas you might have. Now that the other problems have been dealt with this issue has become isolated and is more recognizable.

I am still at a loss about IE and task manager problems that I mentioned before.


----------



## throoper (Jan 20, 2007)

Mathcheck: I think you might get help with the router and the Apple software in the Networking forum.
Start a new thread there and link back to this thread so they can check what you've been doing so far.

I'm glad to see you got rid of the APAgent error. I don't see where you would need the Utilities program.
My understanding of it is it's just a manager for peripherals on the network. I would think Windows would be capable of doing that without the Apple software (I also question the need for the entire Airport program). I'm sure someone in the Networking forum could advise you better on that.


----------



## mathcheck (Mar 28, 2013)

Throoper - Ok great, I'll try to put together a thread and do just what you suggested. I really want to believe that there is something out there that can make this faster. Sometimes it goes fast like it should, but most of the time I am waiting. It's really nice to have that other junk cleaned out. However, I am wary of downloading anything in fear of inviting in unwanted things like I had before. That includes trying to upgrade IE, and getting my system completely up to date. How do you really know? Thanks for all your valuable help.


----------



## Mark1956 (May 7, 2011)

We need to do a quick check on your security and clean up the tools used before finishing up here.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click *Run...* and in the Open dialog box, type: *ComboFix /Uninstall*
Press *OK*.
*-- Vista/Windows 7* users refer to these instructions.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).


*Next*
Run OTM and click on the Cleanup button.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTM does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

Please post back when this is complete and let me know if you have had any problems.


----------



## mathcheck (Mar 28, 2013)

When I pressed Winkey + R and got the open: box, I typed *Combofix/uninstall* and got "Windows cannot find Combofix/uninstall." From the instructions, I am not sure what to do next.

Results of screen317's Security Check version 0.99.62 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG PC TuneUp 
AVG PC TuneUp Language Pack (en-US) 
SonicStage Mastering Studio Audio Filter Custom Preset 
Microsoft Security Essentials 
*`````````Anti-malware/Other Utilities Check:`````````* 
AVG PC TuneUp 
AVG PC TuneUp Language Pack (en-US) 
Adobe Reader XI 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 2% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

Did you type in Combofix /uninstall without a space before the forward slash? If so try it again with the space.

Security Check shows you still have AVG PC TuneUp, I thought you uninstalled that earlier, if not please do so as the program and its language pack are not required.


----------



## mathcheck (Mar 28, 2013)

There is no sign of AVG in All Programs or Add or Remove Programs.?
When I retried Combofix /uninstall it started running, asked if I wanted an updated version, told me to deactivate antivirus protection. I said no to the updated version and it kept running. I exited at the next convenient opportunity. There was no indication that anything was being uninstalled.?


----------



## Mark1956 (May 7, 2011)

Please start the Combofix uninstall again and allow it to finish uninterrupted, when it offers an updated version answer yes and allow it to continue to completion, you should soon get a message that the uninstall has completed.

Security Check must be picking up a remnant of AVG PC TuneUp so you can leave that as is, remnants of the program will do no harm.


----------



## mathcheck (Mar 28, 2013)

Combofix is uninstalled - it disappeared from my desktop all by itself. I am sorry, but what is OTM?


----------



## Mark1956 (May 7, 2011)

My mistake, I thought we had used OTM, but on checking I see we didn't. Please follow this below to use OTC to clear out the tools used.


*Next*
Download *OTC* by OldTimer and save it to your *desktop.*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose *Run as Administrator*
Then click the big button.
You will get a prompt saying "_Begin Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

-- Doing this will *remove* any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).


----------



## mathcheck (Mar 28, 2013)

Ok, that is done. It did leave a number of things behind, and I am wondering if I should keep some of them: like adwcleaner, Rkill, Security check, Sysinfo in case I detect problems in the future. This makes me wonder what should I expect in the future as far as staying safe. Right now I am concerned every time I make a move that involves something new with the internet. I want to try to get my Internet Explorer situation fixed and completely up to date, including Task Manager - that doesn't work - but I am afraid to follow instructions from sources I know nothing about that involve downloading files from the internet and changing things. Maybe I'm being paranoid. This is important because I don't want to end up like I was before, and I do not have the insight to know when I might be getting into trouble with this. This whole process that you (Throoper included) have taken me through has been enlightening and extremely educational, and I know I don't want to continue stumbling around blindly hoping and praying that something terrible doesn't happen whenever I encounter a problem and try to fix it, or want to make an improvement.


----------



## Mark1956 (May 7, 2011)

ADWCleaner is a good tool to run on a regular basis to keep your system free of Adware, but RKill should really be used with the guidance of a Malware expert as it may produce information that you cannot interpret. The other tools can be kept if you wish, but with all the tools be aware that updated versions are released on a regular basis, especially with respect to ADWCleaner which is updated frequently, so you should always check you have the most up to date version in order to get the most accurate results.

As for your remaining problems I would suggest you start a new thread in the XP forum where all helpers can give assistance, I will now wrap this one up and mark it as solved and leave you with some security advice. You can post back here if you have any remaining questions in respect of Malware issues.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

*Some additional security measures.*
If your present security software does not include a third party Firewall or AntiSpyware.

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of *Malwarebytes* with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites. (This is only available for use with Internet Explorer).

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. *WinPatrol* takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your *start up* programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the system's registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.


----------



## mathcheck (Mar 28, 2013)

Mark1956, Throoper, Phantom010 - Thank you, much gratitude here.


----------



## Mark1956 (May 7, 2011)

You're most welcome.


----------

