# Redirects won't stop... please help



## cherdon (Feb 10, 2009)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2038 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 305234 MB, Free - 265305 MB;
Motherboard: ASRock, G31M-S.
Antivirus: AVG AntiVirus 2015, Updated: Yes, On-Demand Scanner: Enabled

I just finished doing a scan which showed a few problems which it says it cleaned..then all of a sudden I happened to look up and there must have been 20 tabs at the top, all redirects..I checked Add/Remove Programs, where I see something called health alert which I tried to remove, and AVG popped up and said it removed it but it's still there...something fishy is going on..hope you can help me get rid of this..thanks


----------



## BrianDrab (Oct 22, 2014)

Hi. My name is *Brian*, and I would be happy to look into your issue.

I am currently in training and my posts will need to be reviewed by an expert, so *expect a slight delay* between posts.

*- General Instructions -*


- *Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.*
- I would advise *printing any instructions* for easy reference as some of the fixes may require you to boot in Safe Mode. Access to these instructions may not be available in Safe Mode.
- Any fixes provided by myself are for *this log file only* and should not be used on any other systems.
- *Do not run* any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
- It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
- You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
- Please feel free to ask any questions, *especially* if you are having problems with my instructions.

*- Save ALL Tools to your Desktop-*

All tools that I have you download should be placed on the *desktop* unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.







Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose *Settings*. At the bottom of the screen click the "*Show advanced settings...*" link. Scroll down to find the Downloads section and click the *Change...* button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose *Options*. In the downloads section, click the *Browse* button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select *View downloads*. Select the *Options* link in the lower left of the window. Click Browse and select the Desktop and then choose the *Select Folder* button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

*- Finally Before We Start-*

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. *I strongly recommend you back up your personal files and folders*. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Let's see if we can get you some logs and help you out.

Step#6 - Fresh Set of Logs Needed

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
   *Note*: You need to run the 32-bit version, so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click *Yes* to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press *Scan* button.
5. It will produce a log called *FRST.txt* in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.


----------



## cherdon (Feb 10, 2009)

Hi Brian

I deleted that AVG 2015 along with Malwarebytes and all of a sudden I haven't had any problems with redirects. How weird is that, because every time I did a scan with AVG it would point out the redirects, say it fixed it, but yet all my tabs across the top were redirects. No way am I downloading AVG again, and as far as Malwarebytes, I just downloaded that and it says my trial period ended. Arghhhhhh so knock on wood I think I solved the problem. Thank you anyways.


----------



## BrianDrab (Oct 22, 2014)

Thank you for letting us know. I felt it necessary to at least caution you with the following.

*Windows XP has reached End of Life*
You likely are already aware of this but I feel it is necessary to mention it. Windows XP has reached end of life. What this means is that Microsoft will no longer be supporting it. Security vulnerabilities that are found in Windows XP will no longer be patched so this leaves you very exposed to threats. Upgrading, if possible, to a newer Operating System is advised. You can read more about this from here.

Also it's very important that you have an Antivirus installed on your machine. If you are looking for a suggestion on what to use I would suggest Avast.

Take care and let us know if you have any issues.


----------



## cherdon (Feb 10, 2009)

Darn..I was wrong..went on my computer tonight and there were tons of redirects..they came back so I still need help. I am aware of Windows XP, which sucks because I love it and I hate Windows 8.


----------



## cherdon (Feb 10, 2009)

Well I just downloaded Avast as per your instructions and omg it did a browser cleanup and found stuff but then of course after going forever says failed to perform changes..an unknown error occurred. Can't seem to do anything and then of course the redirects started again.


----------



## cherdon (Feb 10, 2009)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Cheryl at 2014-12-23 00:33:51
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3DVIA player 5.0.0.20 (HKLM\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C510 (Version: 140.0.344.000 - Hewlett-Packard) Hidden
Canon PowerShot A3500 IS Camera User Guide (HKLM\...\CameraUserGuide-PSA3500IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Destinations (Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart eStn C510 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{EEEA9020-FCB0-4E35-82B9-D0994EF267B0}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
IObit Toolbar v6.2 (HKLM\...\{835BCA58-EBE8-415B-8E7F-457F76F15821}) (Version: 6.2 - Spigot, Inc.) <==== ATTENTION
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 4.2.13.16151 - LeapFrog)
LeapFrog Connect (Version: 4.2.13.16151 - LeapFrog) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PS_AIO_07_C510_SW_Min (Version: 140.0.344.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5730 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-09-2014 15:49:21 System Checkpoint
25-09-2014 16:06:23 System Checkpoint
26-09-2014 17:37:14 System Checkpoint
27-09-2014 17:45:41 System Checkpoint
28-09-2014 18:20:40 System Checkpoint
29-09-2014 18:29:48 System Checkpoint
30-09-2014 18:57:57 System Checkpoint
01-10-2014 18:59:55 System Checkpoint
02-10-2014 19:41:10 System Checkpoint
03-10-2014 19:48:50 System Checkpoint
04-10-2014 20:18:56 System Checkpoint
05-10-2014 20:25:37 System Checkpoint
06-10-2014 20:26:01 System Checkpoint
07-10-2014 21:56:37 System Checkpoint
08-10-2014 23:11:41 System Checkpoint
10-10-2014 09:02:05 System Checkpoint
11-10-2014 09:03:41 System Checkpoint
12-10-2014 09:27:43 System Checkpoint
13-10-2014 10:42:40 System Checkpoint
14-10-2014 12:08:01 System Checkpoint
15-10-2014 14:42:42 System Checkpoint
16-10-2014 01:31:50 Software Distribution Service 3.0
17-10-2014 10:42:51 System Checkpoint
18-10-2014 10:57:21 System Checkpoint
19-10-2014 11:18:57 System Checkpoint
19-10-2014 23:59:03 Installed AVG 2015
20-10-2014 00:00:10 Installed AVG 2015
21-10-2014 09:59:39 Removed Java 7 Update 51
21-10-2014 10:01:12 Removed JavaFX 2.1.0
21-10-2014 12:07:48 Removed Adobe Reader XI (11.0.08).
22-10-2014 14:31:46 System Checkpoint
23-10-2014 15:33:06 System Checkpoint
24-10-2014 16:27:38 System Checkpoint
25-10-2014 17:57:58 System Checkpoint
26-10-2014 18:50:04 System Checkpoint
27-10-2014 19:53:41 System Checkpoint
28-10-2014 20:37:21 System Checkpoint
29-10-2014 21:23:09 System Checkpoint
30-10-2014 22:16:27 System Checkpoint
31-10-2014 22:53:25 System Checkpoint
01-11-2014 23:16:19 System Checkpoint
02-11-2014 06:19:49 Removed AVG 2015
03-11-2014 08:40:52 Removed AVG 2015
03-11-2014 08:43:01 Removed AVG 2015
04-11-2014 12:40:40 System Checkpoint
05-11-2014 12:52:23 System Checkpoint
06-11-2014 12:59:04 System Checkpoint
07-11-2014 13:25:43 System Checkpoint
08-11-2014 14:00:18 System Checkpoint
09-11-2014 14:03:00 System Checkpoint
10-11-2014 15:07:08 System Checkpoint
11-11-2014 15:51:19 System Checkpoint
12-11-2014 15:54:04 System Checkpoint
13-11-2014 03:00:25 Software Distribution Service 3.0
14-11-2014 09:53:38 System Checkpoint
15-11-2014 10:11:40 System Checkpoint
16-11-2014 10:22:18 System Checkpoint
17-11-2014 11:58:31 System Checkpoint
18-11-2014 12:14:32 System Checkpoint
19-11-2014 13:44:15 System Checkpoint
20-11-2014 06:43:36 Removed Google Earth.
21-11-2014 08:27:50 System Checkpoint
22-11-2014 09:23:36 System Checkpoint
23-11-2014 10:39:24 System Checkpoint
24-11-2014 11:34:19 System Checkpoint
25-11-2014 11:56:21 System Checkpoint
26-11-2014 11:58:24 System Checkpoint
27-11-2014 12:35:33 System Checkpoint
28-11-2014 15:07:32 System Checkpoint
29-11-2014 16:22:19 System Checkpoint
30-11-2014 16:30:00 System Checkpoint
01-12-2014 16:52:27 System Checkpoint
02-12-2014 17:38:27 System Checkpoint
03-12-2014 20:57:06 System Checkpoint
04-12-2014 23:59:52 System Checkpoint
06-12-2014 11:58:03 System Checkpoint
07-12-2014 12:40:34 System Checkpoint
08-12-2014 13:03:32 System Checkpoint
09-12-2014 14:52:29 System Checkpoint
10-12-2014 15:36:53 System Checkpoint
11-12-2014 05:08:52 Software Distribution Service 3.0
12-12-2014 09:10:27 System Checkpoint
13-12-2014 09:33:01 System Checkpoint
14-12-2014 10:57:56 System Checkpoint
14-12-2014 15:59:19 Installed AVG 2015
14-12-2014 16:00:16 Installed AVG 2015
14-12-2014 18:06:43 Installed AVG PC TuneUp 2015
15-12-2014 18:28:45 System Checkpoint
15-12-2014 18:45:43 Removed AVG PC TuneUp 2015
15-12-2014 18:47:53 Removed AVG PC TuneUp 2015 (en-US)
16-12-2014 18:55:57 System Checkpoint
17-12-2014 19:02:55 System Checkpoint
18-12-2014 19:03:49 System Checkpoint
19-12-2014 19:59:32 System Checkpoint
20-12-2014 19:21:47 Installed Windows XP KB942288-v3.
20-12-2014 19:22:32 AA11
20-12-2014 19:26:04 LavasoftWeCompanion
20-12-2014 22:11:53 AA11
20-12-2014 22:26:29 LavasoftWeCompanion
21-12-2014 14:02:18 Removed AVG 2015
21-12-2014 14:04:30 Removed AVG 2015
21-12-2014 14:08:31 Removed Visual Studio 2012 x86 Redistributables
22-12-2014 20:50:04 System Checkpoint
22-12-2014 23:49:21 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2013-06-10 13:02 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-12-22 23:52 - 2014-12-22 23:52 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122201\algo.dll
2014-12-14 15:35 - 2014-12-02 12:33 - 03309224 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe
2014-12-22 23:51 - 2014-12-22 23:51 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-12-11 21:07 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 21:07 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 21:07 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\WINDOWS\pss\ImageBrowser EX Agent.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: ConduitFloatingPlugin_iolllphbfidpiigenecjjflaefapfnef => "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3279412\plugins\TBVerifier.dll",RunConduitFloatingPlugin iolllphbfidpiigenecjjflaefapfnef
MSCONFIG\startupreg: ConduitFloatingPlugin_oiffmnkajgkhjjchngmajlomfdhfjdma => "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3287810\plugins\TBVerifier.dll",RunConduitFloatingPlugin oiffmnkajgkhjjchngmajlomfdhfjdma
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: KGShareApp => C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: KodakShareButtonApp => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro 3.13\OptProLauncher.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1214440339-1659004503-1801674531-500 - Administrator - Enabled)
Cheryl (S-1-5-21-1214440339-1659004503-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Cheryl
Guest (S-1-5-21-1214440339-1659004503-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-1659004503-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-1659004503-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2014 00:00:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application browsercleanup.exe, version 10.0.2207.78, faulting module unknown, version 0.0.0.0, fault address 0x74786574.
Processing media-specific event for [browsercleanup.exe!ws!]

Error: (12/15/2014 02:01:32 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/15/2014 02:01:31 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/14/2014 03:54:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application au_.exe, version 2.7.47.1, faulting module helper.dll, version 0.0.0.0, fault address 0x000e0e5c.
Processing media-specific event for [au_.exe!ws!]

Error: (12/14/2014 03:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application uninstall.exe, version 0.0.0.0, faulting module uninstall.exe, version 0.0.0.0, fault address 0x00042bfe.
Processing media-specific event for [uninstall.exe!ws!]

Error: (12/14/2014 03:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application uninstall.exe, version 0.0.0.0, faulting module uninstall.exe, version 0.0.0.0, fault address 0x00042bfe.
Processing media-specific event for [uninstall.exe!ws!]

Error: (12/14/2014 03:36:20 PM) (Source: MsiInstaller) (EventID: 11309) (User: CHERYL-A778CF1B)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

Error: (11/12/2014 08:32:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (11/12/2014 08:32:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application msimn.exe, version 6.0.2900.5512, faulting module msoe.dll, version 6.0.2900.5931, fault address 0x000a251a.
Processing media-specific event for [msimn.exe!ws!]

Error: (11/02/2014 06:19:48 AM) (Source: MsiInstaller) (EventID: 10005) (User: CHERYL-A778CF1B)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

System errors:
=============
Error: (12/23/2014 00:13:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cherimoya
wpnfd_1_10_0_4

Error: (12/23/2014 00:12:49 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (12/22/2014 07:33:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cherimoya
wpnfd_1_10_0_4

Error: (12/21/2014 02:08:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (12/21/2014 02:08:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (12/21/2014 02:08:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (12/21/2014 02:08:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (12/21/2014 02:08:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (12/21/2014 02:08:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (12/21/2014 02:08:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 2038.23 MB
Available physical RAM: 1272.25 MB
Total Pagefile: 3934.8 MB
Available Pagefile: 3220.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:258.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 8AB28AB2)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## BrianDrab (Oct 22, 2014)

No problem. Let's get you fixed. It looks like you only posted the Addition.txt log file. In your downloads folder there should be a FRST.txt file. Can you post that one as well?


----------



## cherdon (Feb 10, 2009)

I am so sorry BrianDrab.. I did not get a link to this posting in my email or for whatever reason it got missed. Here is what you requested

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Cheryl (administrator) on CHERYL-A778CF1B on 23-12-2014 00:32:09
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Loaded Profile: Cheryl (Available profiles: Cheryl)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
() C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [KodakShareButtonApp] => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [108544 2012-10-11] (Eastman Kodak Company)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [upmbot_ca_235.exe] => C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe [3309224 2014-12-02] ()
HKLM\...\Run: [rec_ca_1] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-22] (AVAST Software)
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Run: [KGShareApp] => C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\MountPoints2: {09dae5a8-1182-11e4-894a-0025221887fe} - I:\KODAK_Software_Downloader.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=jveYVIyuN4Sh8wehr4DgCg&gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M4845E18D-15DD-48AE-960F-A99A4ADA2211&SearchSource=58&CUI=&UM=6&UP=SP95110FD8-F4EF-4D4D-B5E4-7F5626874D3C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.ca/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = 
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> No Name - {4D503352-5636-006A-76A7-7A786E7484D7} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193
Tcpip\..\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: [NameServer] 8.26.56.26,8.20.247.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF NewTab: about:blank
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @ei.MyScrapNook_12.com/Plugin -> C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll No File
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\searchplugins\securesearch.xml
FF Extension: MP3 Rocket Downloader - C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\Extensions\[email protected] [2013-03-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-24]
FF HKLM\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-22]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-22]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]
CHR HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Cheryl\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-22] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-22] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-22] ()
S3 FlyUsb; C:\WINDOWS\System32\DRIVERS\FlyUsb.sys [18560 2008-02-26] (LeapFrog)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-06] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-06] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-06] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 00:31 - 2014-12-23 00:32 - 00000000 ____D () C:\FRST
2014-12-23 00:09 - 2014-12-23 00:09 - 00000000 ____D () C:\Program Files\Dropbox
2014-12-23 00:08 - 2014-12-23 00:08 - 00000000 ____D () C:\Documents and Settings\Cheryl\Start Menu\Programs\Dropbox
2014-12-23 00:05 - 2014-12-23 00:11 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\Dropbox
2014-12-22 23:55 - 2014-12-22 23:55 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software
2014-12-22 23:54 - 2014-12-22 23:54 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-12-22 23:53 - 2014-12-23 00:13 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-22 23:53 - 2014-12-22 23:53 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2014-12-22 23:53 - 2014-12-22 23:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2014-12-22 23:52 - 2014-12-22 23:53 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-22 23:52 - 2014-12-22 23:53 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-12-22 23:52 - 2014-12-22 23:51 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-22 23:52 - 2014-12-22 23:51 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-22 23:52 - 2014-12-22 23:51 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-12-22 23:52 - 2014-12-22 23:51 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-12-22 23:52 - 2014-12-22 23:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-22 23:52 - 2014-12-22 23:51 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-22 23:51 - 2014-12-22 23:51 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-22 23:51 - 2014-12-22 23:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-22 23:49 - 2014-12-22 23:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-21 00:16 - 2014-12-21 00:16 - 00156240 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-12-20 19:33 - 2014-12-20 19:33 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\LavasoftStatistics
2014-12-20 19:27 - 2014-12-20 19:27 - 00004072 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
2014-12-20 19:27 - 2014-12-20 19:27 - 00002088 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2014-12-20 19:27 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2014-12-20 19:21 - 2014-12-20 19:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-12-20 19:20 - 2014-12-20 22:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-12-20 19:20 - 2014-12-20 19:22 - 00009456 _____ () C:\WINDOWS\KB942288-v3.log
2014-12-20 01:43 - 2014-12-20 01:43 - 00081920 _____ () C:\WINDOWS\Minidump\Mini122014-01.dmp
2014-12-20 01:10 - 2014-12-20 02:13 - 00000000 ____D () C:\Documents and Settings\Cheryl\Desktop\newest pics
2014-12-20 00:58 - 2014-12-20 00:58 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-20 00:58 - 2014-12-20 00:58 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-19 23:23 - 2014-12-22 23:45 - 00000000 ____D () C:\Program Files\rec_ca_1
2014-12-15 22:37 - 2014-12-15 22:37 - 00000325 _____ () C:\Documents and Settings\Cheryl\Desktop\HP Printer Diagnostic Tools.url
2014-12-14 18:13 - 2014-12-14 18:13 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
2014-12-14 18:13 - 2014-12-14 18:13 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG
2014-12-14 18:12 - 2014-12-16 01:23 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVG
2014-12-14 18:04 - 2014-12-14 18:04 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Avg
2014-12-14 18:00 - 2014-12-14 18:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG
2014-12-14 15:59 - 2014-12-22 19:32 - 00000000 ____D () C:\Program Files\AVG
2014-12-14 15:53 - 2014-12-15 00:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\{FAECC00E-8025-47C7-94A5-DCC838C392A1}
2014-12-14 15:53 - 2014-12-14 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\412301046
2014-12-14 15:48 - 2014-12-14 15:51 - 00000000 ____D () C:\Program Files\shopperz
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\Company
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-12-14 15:40 - 2014-12-14 15:40 - 00000000 ____D () C:\Program Files\predm
2014-12-14 15:40 - 2014-12-14 15:40 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\Optimizer Pro
2014-12-14 15:36 - 2014-12-14 21:41 - 00000000 ____D () C:\Program Files\globalUpdate
2014-12-14 15:36 - 2014-12-14 15:36 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\globalUpdate
2014-12-14 15:35 - 2014-12-23 00:16 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235
2014-12-12 14:44 - 2014-12-12 14:44 - 00000804 _____ () C:\Documents and Settings\Cheryl\My Documents\Shortcut to DYLAN TOPAS RESUME DO NOT DELETE.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 00:33 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Temp
2014-12-23 00:14 - 2012-05-16 15:11 - 01597445 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-23 00:13 - 2012-05-16 11:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-23 00:13 - 2012-05-16 11:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-23 00:12 - 2014-03-22 07:17 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-12-23 00:12 - 2013-09-29 13:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 00:12 - 2012-05-16 15:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-23 00:04 - 2013-09-29 13:13 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 00:04 - 2012-05-16 15:33 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Temp
2014-12-22 23:49 - 2012-09-17 23:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-12-22 21:37 - 2012-05-16 16:10 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\HpUpdate
2014-12-22 19:33 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-22 19:32 - 2012-09-18 21:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-12-22 01:25 - 2012-05-16 15:15 - 00000178 ___SH () C:\Documents and Settings\Cheryl\ntuser.ini
2014-12-22 01:25 - 2012-05-16 15:14 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-22 01:24 - 2012-09-24 00:01 - 11223232 ___SH () C:\Documents and Settings\Cheryl\Desktop\Thumbs.db
2014-12-21 14:03 - 2014-10-20 00:01 - 00077392 _____ () C:\WINDOWS\setupapi.log
2014-12-20 22:28 - 2012-05-16 18:00 - 00000000 ____D () C:\Program Files\PokerStars
2014-12-20 19:22 - 2014-11-20 02:22 - 00037571 _____ () C:\WINDOWS\FaxSetup.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00034594 _____ () C:\WINDOWS\ocgen.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00020406 _____ () C:\WINDOWS\tsoc.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00012642 _____ () C:\WINDOWS\comsetup.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00009081 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00004882 _____ () C:\WINDOWS\iis6.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00002623 _____ () C:\WINDOWS\msgsocm.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00002545 _____ () C:\WINDOWS\ocmsn.log
2014-12-20 19:22 - 2014-11-20 02:22 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-12-20 19:22 - 2012-05-16 10:56 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-12-20 01:43 - 2012-09-15 10:59 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-20 00:59 - 2014-11-20 02:22 - 00001905 _____ () C:\WINDOWS\imsins.BAK
2014-12-15 18:10 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl
2014-12-15 14:52 - 2012-05-16 11:01 - 00000211 ___SH () C:\boot.ini
2014-12-15 14:52 - 2008-04-14 07:00 - 00000512 _____ () C:\WINDOWS\win.ini
2014-12-15 14:52 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-14 18:33 - 2012-05-28 11:01 - 00000000 ____D () C:\Documents and Settings\Cheryl\Start Menu\Programs\MediaPlayerLite
2014-12-14 15:52 - 2013-04-01 22:26 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-14 15:48 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-14 15:36 - 2013-09-29 13:16 - 00001871 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-12-11 05:19 - 2013-07-25 16:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 05:10 - 2012-05-16 16:04 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-08 15:00 - 2014-03-22 07:17 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-06 10:51 - 2012-05-16 15:18 - 08868352 ___SH () C:\Documents and Settings\Cheryl\My Documents\Thumbs.db
2014-11-30 23:57 - 2014-07-03 22:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\Desktop\sophie pics
2014-11-27 14:59 - 2014-11-02 15:26 - 00000000 ____D () C:\Documents and Settings\Cheryl\Desktop\recent sophie pics

Some content of TEMP:
====================
C:\Documents and Settings\Cheryl\Local Settings\Temp\5695d9e3-90ed-4e20-8449-9af751ebdd61.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\5be2e806-6551-4892-9c6d-30990b04f384.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllb8pn.dll
C:\Documents and Settings\Cheryl\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Cheryl\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\Cheryl\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Cheryl\Local Settings\Temp\setup.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\setup_490.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\setup_mbot_ca.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\Cheryl\Local Settings\Temp\sprz.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Cheryl\Local Settings\Temp\wordproser-setup-1.10.0.4.exe
C:\Documents and Settings\Cheryl\Local Settings\Temp\_unps.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


----------
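
A triage pass over the FRST.txt log posted above, as an added example that is not part of the thread and is not FRST's own logic. It assumes the line layouts visible in that log and that `[X]` marks a file FRST could not find; the heuristics (empty publisher, user-profile path, loopback proxy) and all function names are illustrative.

```python
import re

# Lines copied from the FRST.txt log posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [upmbot_ca_235.exe] => C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe [3309224 2014-12-02] ()
HKLM\...\Run: [rec_ca_1] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-22] (AVAST Software)
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
S1 cherimoya; system32\drivers\cherimoya.sys [X]
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-22] (AVAST Software)
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
"""

# "<hive>\...\Run: [value name] => <target>"
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")
# "<path> [size yyyy-mm-dd] (company)" as printed when the file exists
FILE_RE = re.compile(r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$")
# "<state><start type> <service name>; <image path and metadata>"
SVC_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.*)$")
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<scope>[^\]]+)\] => (?P<value>.*)$")

# Assumed heuristic: directories a standard user can write to on Windows XP.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")


def run_entry_reasons(target):
    """Return the reasons a Run-key target deserves a closer look."""
    if target == "[X]":
        return ["target file missing"]
    f = FILE_RE.match(target)
    if not f:
        # Command line printed without file metadata; not judged here.
        return []
    reasons = []
    if not f.group("company").strip():
        reasons.append("no publisher name")
    if any(part in f.group("path").lower() for part in USER_WRITABLE):
        reasons.append("runs from a user-profile directory")
    return reasons


def triage(log_text):
    """Scan FRST.txt text and return (kind, name, reasons) for flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = run_entry_reasons(m.group("target"))
            if reasons:
                findings.append(("run", m.group("name"), reasons))
            continue
        m = PROXY_RE.match(line)
        if m:
            # A loopback proxy means some local program sits in the browser's path.
            if re.search(r"\b(127\.0\.0\.1|localhost)\b", m.group("value"), re.I):
                findings.append(("proxy", m.group("scope"), ["proxy points at loopback"]))
            continue
        m = SVC_RE.match(line)
        if m and m.group("rest").endswith("[X]"):
            findings.append(("service", m.group("name"), ["image file missing"]))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:20} {'; '.join(reasons)}")
```

A flagged line is a prompt for review, not a verdict: antivirus products also set loopback proxies and leave orphaned driver entries after an uninstall.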



## cherdon (Feb 10, 2009)

I am not having problems with redirects any longer..I have other problems now..for one thing I tried to remove 4 programs that I no longer need in add/remove (CANON) because I no longer have that camera but when I try to do so, I get the following error for all

Also, when I did MSCONFIG to remove cc cleaner from start up I got this error









I have always been admin and no one else uses this computer but myself so I wonder if somewhere on here a trojan or virus has somehow caused this because in user accts it still is showing me as admin and guest accts turned off.

A lot of times when I click on Google Chrome or IE8 I will take hour glass but it takes forever to come up..just like the old dial up..and if I happen to be running an avast scan or another scan and try and access internet it takes forever or will freeze up..Hoping you can help me solve these issues because my computer was running just fine until I lost all my bookmarks in google chrome after deleting it amongst other programs in hopes of finding out what was causing puter to run so slow and not act right.


----------



## BrianDrab (Oct 22, 2014)

No problem and welcome back. Please follow my instructions below. We need to ensure you are malware free and then can address any remaining problems.

Step#1 - FRST Fix

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
1. Download attached file and save it to the *Desktop*. 
*Note.* It's important that both files, *FRST* and *fixlist.txt* are in the same location or the fix will not work (in this case...the desktop).
2. Run *FRST* by *Right-Clicking* on the file and choosing *Run as administrator*.
3. Press the *Fix* button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (*Fixlog.txt*). Please post the contents of it in your reply.

Step#2 - Uninstalls

Please *uninstall* the following programs one at a time. Instructions for doing so are here. Please follow the section *How to remove an installed program*.
If any of the programs give you an error during the uninstall, *notate it* and *move on* to the next one. Just *let me know which ones had issues*.

IObit Toolbar v6.2 - <-- The vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole.


Step#3 - AdWCleaner
1. Please download *AdwCleaner* by Xplode onto your *desktop*.
2. Close all open programs and internet browsers.
3. Right-click on *AdwCleaner.exe* and select *Run as administrator* to run the tool.
4. Click on *Scan*.
5. After the scan is complete click on "*Clean*"
6. Confirm each time with *Ok*.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at *C:\AdwCleaner\AdwCleaner[S0].txt* as well. 

Step#4 - Fresh Set of Logs

1. *Right click* on FRST.exe and select *Run as administrator*. When the tool opens click *Yes* to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press *Scan* button.
4. It will produce a log called *FRST.txt* in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the *Addition.txt* check box this log will be created as well. Please copy and paste this log as well.

Items for your next post
1. FRST Fix Log
2. AdwCleaner log
3. Fresh FRST and Addition logs


----------



## cherdon (Feb 10, 2009)

Thank you for the welcome back. In step #1 you state to download attached file but it's not there? I will wait for your response and then do as you have instructed. In step #2 you want me to uninstall the following programs one at a time but you don't state which programs?


----------



## BrianDrab (Oct 22, 2014)

The fixlist.txt is attached at the bottom of the post.

The program to uninstall is listed above. It's named 
IObit Toolbar v6.2


----------



## cherdon (Feb 10, 2009)

Sorry I missed the fixlist.txt at bottom..as far as IObit Toolbar I'm sorry but I'm not seeing link for that..the one highlighted in blue isn't a link..and after I download that, what programs exactly do you want me to uninstall..yes I'm somewhat confused


----------



## BrianDrab (Oct 22, 2014)

I just need you to remove the program named IObit Toolbar v6.2. You currently have that installed. Instructions for doing so (if you are unfamiliar) are here.


----------



## cherdon (Feb 10, 2009)

As far as step #1, I clicked on attached file which goes to my downloads folder which when clicked on brings up text, cant right click and run as admin...dont understand what I am doing wrong with this one.


Got errors when I tried to uninstall IObit Toolbar from add/remove..I took a print screen shot to show you both


----------



## BrianDrab (Oct 22, 2014)

No problem, hang in there. We'll get it. Let me adjust my instructions for Step#1 a bit. Since you saved the fixlist.txt to your Downloads folder already then you don't have to do bullet#1 below. But please start with Bullet#2.

Step#1 - FRST Fix

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
1. Download attached file and save it to the *Desktop*. 
*Note.* It's important that both files, *FRST* and *fixlist.txt* are in the same location or the fix will not work (in this case...the desktop).
2. Run *FRST* by *Double-Clicking* on FRST.exe which is in your Downloads folder.
3. Press the *Fix* button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log in your Downloads folder (*Fixlog.txt*). Please post the contents of it in your reply.


----------



## cherdon (Feb 10, 2009)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by Cheryl at 2015-01-27 20:38:38 Run:1
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
() C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe
C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235
HKLM\...\Run: [upmbot_ca_235.exe] => C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe [3309224 2014-12-02] ()
HKLM\...\Run: [rec_ca_1] => [X]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\MountPoints2: {09dae5a8-1182-11e4-894a-0025221887fe} - I:\KODAK_Software_Downloader.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M4845E18D-15DD-48AE-960F-A99A4ADA2211&SearchSource=58&CUI=&UM=6&UP=SP95110FD8-F4EF-4D4D-B5E4-7F5626874D3C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = 
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_141221&q={searchTerms }
Toolbar: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> No Name - {4D503352-5636-006A-76A7-7A786E7484D7} - No File
FF SearchPlugin: C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\searchplugins\securesearch.x ml
FF HKLM\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
CHR HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Cheryl\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahig kjlhalf_live.crx [Not Found]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2014-12-14 15:53 - 2014-12-15 00:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\{FAECC00E-8025-47C7-94A5-DCC838C392A1}
2014-12-14 15:53 - 2014-12-14 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\412301046
2014-12-14 15:48 - 2014-12-14 15:51 - 00000000 ____D () C:\Program Files\shopperz
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\Company
2014-12-14 15:48 - 2014-12-14 15:48 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-12-14 15:40 - 2014-12-14 15:40 - 00000000 ____D () C:\Program Files\predm
2014-12-14 15:40 - 2014-12-14 15:40 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\Optimizer Pro
2014-12-14 15:36 - 2014-12-14 21:41 - 00000000 ____D () C:\Program Files\globalUpdate
2014-12-14 15:36 - 2014-12-14 15:36 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\globalUpdate
C:\Program Files\Conduit
C:\Program Files\Optimizer Pro 3.13
C:\Program Files\AVG Secure Search
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp:
*****************

Restore point was successfully created.
C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235\upmbot_ca_235.exe => No running process found
"C:\Documents and Settings\Cheryl\Local Settings\Application Data\mbot_ca_235" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\upmbot_ca_235.exe => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\rec_ca_1 => Value not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
"HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09dae5a8-1182-11e4-894a-0025221887fe}" => Key deleted successfully.
HKCR\CLSID\{09dae5a8-1182-11e4-894a-0025221887fe} => Key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
"HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}" => Key deleted successfully.
HKCR\CLSID\{acbd5593-e5ee-4c15-b48f-1823ce819dec} => Key not found. 
"HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}" => Key deleted successfully.
HKCR\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => Key not found. 
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => Key not found. 
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4D503352-5636-006A-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4D503352-5636-006A-76A7-7A786E7484D7} => Key not found. 
"C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\searchplugins\securesearch.x ml" => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{C74AB308-BA97-42f6-BB20-00E0868F52FB} => value deleted successfully.
"HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
cherimoya => Service deleted successfully.
wpnfd_1_10_0_4 => Service not found.
C:\Documents and Settings\LocalService\Local Settings\Application Data\{FAECC00E-8025-47C7-94A5-DCC838C392A1} => Moved successfully.
C:\Documents and Settings\All Users\Application Data\412301046 => Moved successfully.
"C:\Program Files\shopperz" => File/Directory not found.
C:\Documents and Settings\LocalService\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => Moved successfully.
C:\Documents and Settings\Cheryl\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => Moved successfully.
C:\Documents and Settings\Cheryl\Application Data\Company => Moved successfully.
C:\Documents and Settings\Cheryl\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => Moved successfully.
"C:\Program Files\predm" => File/Directory not found.
"C:\Documents and Settings\Cheryl\My Documents\Optimizer Pro" => File/Directory not found.
"C:\Program Files\globalUpdate" => File/Directory not found.
"C:\Documents and Settings\Cheryl\Local Settings\Application Data\globalUpdate" => File/Directory not found.
"C:\Program Files\Conduit" => File/Directory not found.
"C:\Program Files\Optimizer Pro 3.13" => File/Directory not found.
"C:\Program Files\AVG Secure Search" => File/Directory not found.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully

========= End of Reg: =========

EmptyTemp: => Removed 2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:39:31 ====


----------



## BrianDrab (Oct 22, 2014)

Nice job! I'll await the info from Step#3 & 4.


----------



## cherdon (Feb 10, 2009)

Step #3 contents of log..please note that when scan finished there was nothing listed to clean but I did it anyways ..this isn't the first time nothing was listed after AdwCleaner scan

# AdwCleaner v4.109 - Report created 24/01/2015 at 12:02:11
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Cheryl - CHERYL-A778CF1B
# Running from : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (4).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\searchplugins\securesearch.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v16.0.1 (en-US)

-\\ Google Chrome v40.0.2214.91

*************************

AdwCleaner[R2].txt - [3951 octets] - [11/01/2015 06:59:15]
AdwCleaner[R3].txt - [1354 octets] - [12/01/2015 09:20:12]
AdwCleaner[R4].txt - [1073 octets] - [12/01/2015 12:40:50]
AdwCleaner[R5].txt - [1569 octets] - [24/01/2015 09:52:39]
AdwCleaner[R6].txt - [1495 octets] - [24/01/2015 11:48:51]
AdwCleaner[S2].txt - [4106 octets] - [11/01/2015 07:03:03]
AdwCleaner[S3].txt - [1429 octets] - [12/01/2015 09:23:09]
AdwCleaner[S4].txt - [1135 octets] - [12/01/2015 12:43:27]
AdwCleaner[S5].txt - [1420 octets] - [24/01/2015 12:02:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1480 octets] ##########

# AdwCleaner v4.109 - Report created 27/01/2015 at 21:12:53
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Cheryl - CHERYL-A778CF1B
# Running from : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (5).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v16.0.1 (en-US)

-\\ Google Chrome v40.0.2214.93

*************************

AdwCleaner[R2].txt - [3951 octets] - [11/01/2015 06:59:15]
AdwCleaner[R3].txt - [1354 octets] - [12/01/2015 09:20:12]
AdwCleaner[R4].txt - [1073 octets] - [12/01/2015 12:40:50]
AdwCleaner[R5].txt - [2987 octets] - [24/01/2015 09:52:39]
AdwCleaner[R6].txt - [1495 octets] - [24/01/2015 11:48:51]
AdwCleaner[S2].txt - [4106 octets] - [11/01/2015 07:03:03]
AdwCleaner[S3].txt - [1429 octets] - [12/01/2015 09:23:09]
AdwCleaner[S4].txt - [1135 octets] - [12/01/2015 12:43:27]
AdwCleaner[S5].txt - [2841 octets] - [24/01/2015 12:02:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2901 octets] ##########

PS- I can't do step #4 waiting for solution on that one.


----------



## BrianDrab (Oct 22, 2014)

I've adjusted the instructions for Step#4.

Step#4 - Fresh Set of Logs

1. *Double click* on FRST.exe (in your Downloads folder)
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press *Scan* button.
4. It will produce a log called *FRST.txt* in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the *Addition.txt* check box this log will be created as well. Please copy and paste this log as well.


----------



## cherdon (Feb 10, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Cheryl (administrator) on CHERYL-A778CF1B on 27-01-2015 21:45:50
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=jveYVIyuN4Sh8wehr4DgCg&gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.ca/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193
Tcpip\..\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: [NameServer] 8.26.56.26,8.20.247.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF NewTab: about:blank
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @ei.MyScrapNook_12.com/Plugin -> C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll No File
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: MP3 Rocket Downloader - C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\Extensions\[email protected] [2013-03-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-26]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26]
CHR Extension: (Google Docs) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-26] (AVAST Software)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-26] ()
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 FlyUsb; C:\WINDOWS\System32\DRIVERS\FlyUsb.sys [18560 2008-02-26] (LeapFrog)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-06] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-06] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-06] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R1 RapportCerberus_80120; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-12] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 21:16 - 2015-01-27 21:16 - 00002981 _____ () C:\Documents and Settings\Cheryl\Desktop\AdwCleaner[S5].txt
2015-01-27 20:40 - 2015-01-27 20:40 - 06220854 _____ () C:\Documents and Settings\Cheryl\Desktop\fix.bmp
2015-01-27 20:13 - 2015-01-27 20:13 - 00004254 _____ () C:\Documents and Settings\Cheryl\Desktop\fixlist (2).txt
2015-01-27 20:03 - 2015-01-27 20:07 - 00294822 _____ () C:\Documents and Settings\Cheryl\Desktop\io 2.bmp
2015-01-27 19:54 - 2015-01-27 20:00 - 00520470 _____ () C:\Documents and Settings\Cheryl\Desktop\iobit toolbar.bmp
2015-01-27 19:46 - 2015-01-27 19:46 - 00004254 _____ () C:\Documents and Settings\Cheryl\Desktop\fixlist.txt
2015-01-27 12:46 - 2015-01-27 12:46 - 00081920 _____ () C:\WINDOWS\Minidump\Mini012715-01.dmp
2015-01-26 23:51 - 2015-01-26 23:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-26 23:51 - 2015-01-26 23:51 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2015-01-26 23:51 - 2015-01-26 23:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-01-26 22:07 - 2015-01-26 22:32 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-26 22:07 - 2015-01-26 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-01-26 22:03 - 2015-01-27 21:18 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 22:03 - 2015-01-27 21:15 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 22:01 - 2015-01-26 22:01 - 42609232 _____ (Google Inc.) C:\Documents and Settings\Cheryl\My Documents\ChromeStandaloneSetup.exe
2015-01-26 16:02 - 2015-01-27 21:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 16:02 - 2015-01-26 21:47 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-26 16:02 - 2015-01-26 21:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-26 15:32 - 2015-01-26 15:32 - 00000000 ____D () C:\Program Files\Dropbox
2015-01-26 15:31 - 2015-01-26 15:31 - 00000000 ____D () C:\Documents and Settings\Cheryl\Start Menu\Programs\Dropbox
2015-01-26 15:16 - 2015-01-26 15:16 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-01-26 15:15 - 2015-01-27 21:45 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-26 15:14 - 2015-01-26 15:15 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-26 15:14 - 2015-01-26 15:15 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-26 15:14 - 2015-01-26 15:15 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-26 15:14 - 2015-01-26 15:14 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-26 15:14 - 2015-01-26 15:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-26 15:11 - 2015-01-26 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-26 15:08 - 2015-01-26 15:08 - 132469808 _____ (AVAST Software) C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe
2015-01-26 13:20 - 2015-01-26 13:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-26 13:20 - 2015-01-26 13:20 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-26 13:13 - 2015-01-26 13:13 - 00000000 ____D () C:\Program Files\rec_ca_1
2015-01-26 13:13 - 2015-01-26 13:13 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\rec_ca_1
2015-01-26 13:12 - 2015-01-26 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-26 10:45 - 2015-01-26 10:45 - 00000000 ____D () C:\Program Files\MunSoft
2015-01-26 10:44 - 2015-01-26 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET
2015-01-25 16:07 - 2015-01-25 16:24 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-25-2015
2015-01-24 15:30 - 2015-01-26 13:06 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\steps taken to fix puter.do not delete
2015-01-24 12:47 - 2015-01-26 13:11 - 00000000 ____D () C:\Program Files\Common Files\Apple(2)
2015-01-24 12:47 - 2015-01-26 13:11 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2015-01-24 12:47 - 2015-01-24 12:47 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-24 12:19 - 2015-01-27 20:19 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9bce06e9-557d-49bb-b8b4-9c6c26ada618.job
2015-01-24 12:19 - 2015-01-26 13:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware(2)
2015-01-24 12:19 - 2015-01-25 02:00 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 64119d8e-e944-4819-8e65-f21bbc3e138a.job
2015-01-24 12:19 - 2015-01-24 12:19 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\SUPERAntiSpyware.com
2015-01-24 12:19 - 2015-01-24 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-01-24 10:12 - 2015-01-26 13:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 14:51 - 2015-01-26 13:22 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software(2)
2015-01-23 14:46 - 2015-01-26 13:22 - 00000000 ____D () C:\Program Files\AVAST Software(2)
2015-01-18 14:00 - 2009-02-12 15:11 - 00022312 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrv.sys
2015-01-17 01:16 - 2015-01-17 01:16 - 00071279 _____ () C:\Documents and Settings\Cheryl\My Documents\image_11.jpeg
2015-01-16 13:23 - 2015-01-16 13:23 - 00001650 _____ () C:\Documents and Settings\All Users\Desktop\PokerStars.net.lnk
2015-01-12 14:07 - 2012-05-26 22:15 - 00001519 _____ () C:\Documents and Settings\Cheryl\Desktop\Notepad.lnk
2015-01-12 12:49 - 2015-01-12 12:49 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Trusteer
2015-01-11 07:10 - 2015-01-11 07:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-11 07:10 - 2015-01-11 07:10 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-01-11 06:59 - 2015-01-27 21:12 - 00000000 ____D () C:\AdwCleaner
2015-01-10 17:47 - 2015-01-18 18:30 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-10-2015
2015-01-07 22:46 - 2015-01-07 22:46 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Trusteer
2015-01-07 22:45 - 2015-01-26 10:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-07 22:45 - 2015-01-07 22:45 - 00000000 ____D () C:\Program Files\Trusteer
2015-01-07 22:43 - 2015-01-07 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trusteer
2015-01-05 10:55 - 2015-01-18 18:36 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-05-2015
2015-01-01 05:27 - 2015-01-18 18:31 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-01-2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 21:46 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Temp
2015-01-27 21:45 - 2014-12-23 00:31 - 00000000 ____D () C:\FRST
2015-01-27 21:17 - 2012-05-16 15:11 - 01264745 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-27 21:15 - 2014-03-22 07:17 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-27 21:15 - 2012-05-16 15:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-27 21:15 - 2012-05-16 11:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-27 21:15 - 2012-05-16 11:06 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-27 21:13 - 2012-05-16 15:15 - 00000178 ___SH () C:\Documents and Settings\Cheryl\ntuser.ini
2015-01-27 21:13 - 2012-05-16 15:14 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-27 20:39 - 2012-05-16 15:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-27 14:35 - 2012-05-16 15:18 - 08938496 ___SH () C:\Documents and Settings\Cheryl\My Documents\Thumbs.db
2015-01-27 12:46 - 2012-09-15 10:59 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-27 01:09 - 2012-05-16 11:01 - 00000211 ___SH () C:\boot.ini
2015-01-27 01:09 - 2008-04-14 07:00 - 00000512 _____ () C:\WINDOWS\win.ini
2015-01-27 01:09 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-26 22:05 - 2012-05-16 15:28 - 00000000 ____D () C:\Program Files\Google
2015-01-26 21:49 - 2013-09-29 13:12 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Deployment
2015-01-26 21:46 - 2014-09-24 09:16 - 03539632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-01-26 16:01 - 2014-09-24 08:21 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Adobe
2015-01-26 15:47 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl
2015-01-26 15:11 - 2012-09-17 23:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-01-26 13:36 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-26 13:36 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-26 13:36 - 2012-05-16 15:09 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-26 13:21 - 2012-05-16 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2015-01-26 13:19 - 2012-05-16 15:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google
2015-01-26 13:12 - 2014-10-27 07:39 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-26 13:12 - 2012-05-16 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-26 10:44 - 2012-05-16 18:06 - 00000000 ____D () C:\Program Files\PokerStars.NET
2015-01-26 10:39 - 2013-07-25 16:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-26 10:36 - 2014-12-20 01:10 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\newest pics
2015-01-26 10:33 - 2014-10-27 07:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-01-26 10:14 - 2014-07-03 22:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\soph pics
2015-01-26 09:05 - 2012-05-16 15:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-01-26 07:39 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-25 16:30 - 2012-09-24 00:01 - 11826176 ___SH () C:\Documents and Settings\Cheryl\Desktop\Thumbs.db
2015-01-24 11:36 - 2012-05-16 15:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-01-23 20:38 - 2013-03-27 11:52 - 00000000 ____D () C:\Program Files\LeapFrog
2015-01-23 20:38 - 2013-03-27 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Leapfrog
2015-01-21 12:57 - 2012-05-16 19:24 - 00160768 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 14:45 - 2012-09-23 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-01-14 10:07 - 2012-05-16 16:22 - 00000000 ____D () C:\WINDOWS\pss
2015-01-14 08:00 - 2012-05-16 16:04 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-11 09:41 - 2012-05-16 15:33 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Temp
2015-01-08 15:00 - 2014-03-22 07:17 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-01 11:23 - 2014-12-26 00:34 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\xmas Pics

==================== Files in the root of some directories =======

2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Documents and Settings\Cheryl\Application Data\IKVAJ
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Documents and Settings\Cheryl\Application Data\VAJKC
2014-03-06 18:44 - 2014-03-06 18:44 - 0000044 _____ () C:\Documents and Settings\Cheryl\Application Data\WB.CFG
2012-05-16 19:24 - 2015-01-21 12:57 - 0160768 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-21 10:12 - 2012-09-21 10:12 - 0017408 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db

Some content of TEMP:
====================
C:\Documents and Settings\Cheryl\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Cheryl at 2015-01-27 21:47:49
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3DVIA player 5.0.0.20 (HKLM\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C510 (Version: 140.0.344.000 - Hewlett-Packard) Hidden
Canon PowerShot A3500 IS Camera User Guide (HKLM\...\CameraUserGuide-PSA3500IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Destinations (Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart eStn C510 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{EEEA9020-FCB0-4E35-82B9-D0994EF267B0}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
IObit Toolbar v6.2 (HKLM\...\{835BCA58-EBE8-415B-8E7F-457F76F15821}) (Version: 6.2 - Spigot, Inc.) <==== ATTENTION
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
LeapFrog Connect (Version: 4.2.13.16151 - LeapFrog) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PokerStars.net (HKLM\...\PokerStars.net) (Version: - PokerStars.net)
PS_AIO_07_C510_SW_Min (Version: 140.0.344.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5730 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

29-10-2014 21:23:09 System Checkpoint
30-10-2014 22:16:27 System Checkpoint
31-10-2014 22:53:25 System Checkpoint
01-11-2014 23:16:19 System Checkpoint
02-11-2014 06:19:49 Removed AVG 2015
03-11-2014 08:40:52 Removed AVG 2015
03-11-2014 08:43:01 Removed AVG 2015
04-11-2014 12:40:40 System Checkpoint
05-11-2014 12:52:23 System Checkpoint
06-11-2014 12:59:04 System Checkpoint
07-11-2014 13:25:43 System Checkpoint
08-11-2014 14:00:18 System Checkpoint
09-11-2014 14:03:00 System Checkpoint
10-11-2014 15:07:08 System Checkpoint
11-11-2014 15:51:19 System Checkpoint
12-11-2014 15:54:04 System Checkpoint
13-11-2014 03:00:25 Software Distribution Service 3.0
14-11-2014 09:53:38 System Checkpoint
15-11-2014 10:11:40 System Checkpoint
16-11-2014 10:22:18 System Checkpoint
17-11-2014 11:58:31 System Checkpoint
18-11-2014 12:14:32 System Checkpoint
19-11-2014 13:44:15 System Checkpoint
20-11-2014 06:43:36 Removed Google Earth.
21-11-2014 08:27:50 System Checkpoint
22-11-2014 09:23:36 System Checkpoint
23-11-2014 10:39:24 System Checkpoint
24-11-2014 11:34:19 System Checkpoint
25-11-2014 11:56:21 System Checkpoint
26-11-2014 11:58:24 System Checkpoint
27-11-2014 12:35:33 System Checkpoint
28-11-2014 15:07:32 System Checkpoint
29-11-2014 16:22:19 System Checkpoint
30-11-2014 16:30:00 System Checkpoint
01-12-2014 16:52:27 System Checkpoint
02-12-2014 17:38:27 System Checkpoint
03-12-2014 20:57:06 System Checkpoint
04-12-2014 23:59:52 System Checkpoint
06-12-2014 11:58:03 System Checkpoint
07-12-2014 12:40:34 System Checkpoint
08-12-2014 13:03:32 System Checkpoint
09-12-2014 14:52:29 System Checkpoint
10-12-2014 15:36:53 System Checkpoint
11-12-2014 05:08:52 Software Distribution Service 3.0
12-12-2014 09:10:27 System Checkpoint
13-12-2014 09:33:01 System Checkpoint
14-12-2014 10:57:56 System Checkpoint
14-12-2014 15:59:19 Installed AVG 2015
14-12-2014 16:00:16 Installed AVG 2015
14-12-2014 18:06:43 Installed AVG PC TuneUp 2015
15-12-2014 18:28:45 System Checkpoint
15-12-2014 18:45:43 Removed AVG PC TuneUp 2015
15-12-2014 18:47:53 Removed AVG PC TuneUp 2015 (en-US)
16-12-2014 18:55:57 System Checkpoint
17-12-2014 19:02:55 System Checkpoint
18-12-2014 19:03:49 System Checkpoint
19-12-2014 19:59:32 System Checkpoint
20-12-2014 19:21:47 Installed Windows XP KB942288-v3.
20-12-2014 19:22:32 AA11
20-12-2014 19:26:04 LavasoftWeCompanion
20-12-2014 22:11:53 AA11
20-12-2014 22:26:29 LavasoftWeCompanion
21-12-2014 14:02:18 Removed AVG 2015
21-12-2014 14:04:30 Removed AVG 2015
21-12-2014 14:08:31 Removed Visual Studio 2012 x86 Redistributables
22-12-2014 20:50:04 System Checkpoint
22-12-2014 23:49:21 avast! antivirus system restore point
24-12-2014 12:10:57 System Checkpoint
25-12-2014 12:29:05 System Checkpoint
26-12-2014 12:47:38 System Checkpoint
27-12-2014 13:17:41 System Checkpoint
28-12-2014 13:23:52 System Checkpoint
29-12-2014 13:57:25 System Checkpoint
30-12-2014 13:59:34 System Checkpoint
31-12-2014 16:09:05 System Checkpoint
01-01-2015 16:55:13 System Checkpoint
02-01-2015 16:56:45 System Checkpoint
03-01-2015 17:37:02 System Checkpoint
05-01-2015 08:06:38 System Checkpoint
06-01-2015 08:56:11 System Checkpoint
07-01-2015 10:05:08 System Checkpoint
07-01-2015 22:45:36 Installed Rapport
08-01-2015 23:39:49 System Checkpoint
10-01-2015 08:49:37 System Checkpoint
11-01-2015 07:54:37 Removed iTunes
12-01-2015 08:10:17 System Checkpoint
12-01-2015 12:49:13 Installed Rapport
13-01-2015 13:05:22 System Checkpoint
14-01-2015 07:59:08 Software Distribution Service 3.0
15-01-2015 08:46:09 System Checkpoint
16-01-2015 11:04:24 System Checkpoint
17-01-2015 11:41:25 System Checkpoint
18-01-2015 13:18:23 System Checkpoint
19-01-2015 13:20:35 System Checkpoint
20-01-2015 13:58:25 System Checkpoint
21-01-2015 14:45:05 System Checkpoint
22-01-2015 15:07:36 System Checkpoint
23-01-2015 14:05:35 avast! antivirus system restore point
23-01-2015 14:46:17 avast! antivirus system restore point
23-01-2015 20:49:26 Removed Apple Application Support
23-01-2015 20:51:23 Removed Apple Mobile Device Support
23-01-2015 20:52:14 Removed Apple Software Update
24-01-2015 12:35:55 Removed QuickTime 7
24-01-2015 12:48:39 Installed QuickTime 7
25-01-2015 13:27:33 System Checkpoint
26-01-2015 11:09:23 Restore Operation
26-01-2015 12:58:26 Restore Operation
26-01-2015 14:50:12 avast! antivirus system restore point
26-01-2015 15:11:46 avast! antivirus system restore point
27-01-2015 16:53:09 System Checkpoint
27-01-2015 20:38:54 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2013-06-10 13:02 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 64119d8e-e944-4819-8e65-f21bbc3e138a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9bce06e9-557d-49bb-b8b4-9c6c26ada618.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2015-01-27 20:47 - 2015-01-27 20:47 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012701\algo.dll
2015-01-26 15:14 - 2015-01-26 15:14 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-01-26 22:07 - 2015-01-25 16:08 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A3E1F4EF

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\WINDOWS\pss\ImageBrowser EX Agent.lnkCommon Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1214440339-1659004503-1801674531-500 - Administrator - Enabled)
Cheryl (S-1-5-21-1214440339-1659004503-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Cheryl
Guest (S-1-5-21-1214440339-1659004503-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-1659004503-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-1659004503-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 04:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 04:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:49:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:22:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:22:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 02:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 02:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

System errors:
=============
Error: (01/27/2015 09:18:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Error: (01/27/2015 08:58:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 2038.23 MB
Available physical RAM: 1283.56 MB
Total Pagefile: 3934.63 MB
Available Pagefile: 3277.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:247.19 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 8AB28AB2)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## BrianDrab (Oct 22, 2014)

*Run RogueKiller*


Click *here* to go to the *RogueKiller* download page.
Scroll down on the page and click on the *Download* button for the 32-bit version.











Quit all programs and close all browsers.
Double click the *RogueKiller* icon to run the program.
*NOTE:* If this is the first time you have used the program you will need to accept the *User Agreement* and the browser will open with some information related to the program.
Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
Click on *Scan*
Wait for the end of the scan.
DO NOT delete anything at this time.
The report has been created on the desktop.
Please post:
All *RKreport.txt* text files located on your desktop.
*NOTE:* If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to *winlogon.exe (or winlogon.com)* and try again.


----------



## cherdon (Feb 10, 2009)

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Cheryl [Administrator]
Mode : Scan -- Date : 01/27/2015 22:42:12

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | NameServer : 8.26.56.26,8.20.247.20 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | NameServer : 8.26.56.26,8.20.247.20 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | NameServer : 8.26.56.26,8.20.247.20 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS +++++
--- User ---
[MBR] d8631e3213d8ac03ff84bb0da667c34e
[BSP] c71ebe5e93804c1fdf2962363c62fd39 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: Generic USB Storage-SMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB Storage-CFC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB Storage-MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB Storage-MSC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

There was nothing listed to delete..which I wasn't going to do anyways as per your instructions


----------



## BrianDrab (Oct 22, 2014)

We found some items to remove. Please do the following.


Step#1 - Run RogueKiller / Remove Entries
1. Open up *RogueKiller*.
2. Allow the pre-scan to finish and then click on *Scan*.
3. Once the scan finishes, click on the *Registry* tab and place a *check mark* in the following lines.
(These are all the lines that have *PUM.Proxy* in the Type column.)


[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> Found


4. Click the *Delete* button.
5. Then click on the *Report* button. A text file will open. Please copy/paste the contents of this log in your next post.
6. Reboot your machine!


----------



## cherdon (Feb 10, 2009)

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Cheryl [Administrator]
Mode : Delete -- Date : 01/27/2015 23:43:06

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> Deleted
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> ERROR [2]
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | NameServer : 8.26.56.26,8.20.247.20 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | NameServer : 8.26.56.26,8.20.247.20 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | NameServer : 8.26.56.26,8.20.247.20 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477} | DhcpNameServer : 24.226.1.93 24.226.10.193 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 31 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CloseHandle : Unknown @ 0x7164003c (push dword 0x71630022|ret |jmp dword near [0x7163001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - ReadFile : Unknown @ 0x7150003c (push dword 0x714f0022|ret |jmp dword near [0x714f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x714c003c (push dword 0x714b0022|ret |jmp dword near [0x714b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - WriteFile : Unknown @ 0x715c003c (push dword 0x715b0022|ret |jmp dword near [0x715b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a7003c (push dword 0x71a60022|ret |jmp dword near [0x71a6001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a3003c (jmp 0xfffffffff5112b04|jmp dword near [0x71a2001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - ShowWindow : Unknown @ 0x7175003c (push dword 0x71740022|ret |jmp dword near [0x7174001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PeekMessageW : Unknown @ 0x719f003c (push dword 0x719e0022|ret |jmp dword near [0x719e001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - TranslateMessage : Unknown @ 0x7171003c (push dword 0x71700022|ret |jmp dword near [0x7170001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowLongW : Unknown @ 0x7179003c (push dword 0x71780022|ret |jmp dword near [0x7178001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - CreateWindowExA : c:\program files\trusteer\rapport\bin\rooksbas.dll @ 0x509b30 (jmp dword near [0x7194001e]|jmp 0x10|jmp 0xffffffff8ebb9af0)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - CreateWindowExW : c:\program files\trusteer\rapport\bin\rooksbas.dll @ 0x5097e0 (jmp dword near [0x7198001e]|jmp 0x10|jmp 0xffffffff8eb797a0)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetParent : Unknown @ 0x717d003c (push dword 0x717c0022|ret |jmp dword near [0x717c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - BeginPaint : Unknown @ 0x7189003c (push dword 0x71880022|ret |jmp dword near [0x7188001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CancelIo : Unknown @ 0x7160003c (push dword 0x715f0022|ret |jmp dword near [0x715f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0x7158003c (push dword 0x71570022|ret |jmp dword near [0x7157001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetQueuedCompletionStatus : Unknown @ 0x7168003c (push dword 0x71670022|ret |jmp dword near [0x7167001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateIoCompletionPort : Unknown @ 0x7154003c (push dword 0x71530022|ret |jmp dword near [0x7153001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) GDI32.dll - BitBlt : Unknown @ 0x718d003c (push dword 0x718c0022|ret |jmp dword near [0x718c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x7148003c (push dword 0x71470022|ret |jmp dword near [0x7147001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetClipboardData : Unknown @ 0x7183003c (push dword 0x71820022|ret |jmp dword near [0x7182001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x7191003c (push dword 0x71900022|ret |jmp dword near [0x7190001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x716d003c (jmp 0x6fe0d5b3|jmp dword near [0x716c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - BeginPaint : Unknown @ 0x7189003c (push dword 0x71880022|ret |jmp dword near [0x7188001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetParent : Unknown @ 0x717d003c (push dword 0x717c0022|ret |jmp dword near [0x717c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - ShowWindow : Unknown @ 0x7175003c (push dword 0x71740022|ret |jmp dword near [0x7174001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - GetClipboardData : Unknown @ 0x7183003c (push dword 0x71820022|ret |jmp dword near [0x7182001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetWindowLongW : Unknown @ 0x7179003c (push dword 0x71780022|ret |jmp dword near [0x7178001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - TranslateMessage : Unknown @ 0x7171003c (push dword 0x71700022|ret |jmp dword near [0x7170001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - CreateWindowExW : c:\program files\trusteer\rapport\bin\rooksbas.dll @ 0x5097e0 (jmp dword near [0x7198001e]|jmp 0x10|jmp 0xffffffff8eb797a0)
[IAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - PeekMessageW : Unknown @ 0x719f003c (push dword 0x719e0022|ret |jmp dword near [0x719e001e]|jmp 0x10)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS +++++
--- User ---
[MBR] d8631e3213d8ac03ff84bb0da667c34e
[BSP] c71ebe5e93804c1fdf2962363c62fd39 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: Generic USB Storage-SMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB Storage-CFC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB Storage-MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB Storage-MSC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_01272015_224211.log - RKreport_SCN_01272015_233925.log


----------
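One way to check a RogueKiller Delete-mode report like the one above before moving on, as an added example that is not part of any post in this thread: it parses the Registry lines, lists proxy settings that point at a listener on the local machine, and treats an ERROR on `HKEY_USERS\S-1-5-18` as already handled when the same value was removed through its alias `HKEY_USERS\.DEFAULT`. The function names are hypothetical, and reading `ERROR [2]` as a "value not found" result is an assumption about RogueKiller's output.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: five Registry lines copied from the Delete-mode report above.
REPORT = r"""
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> Deleted
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2954;https=127.0.0.1:2954; -> ERROR [2]
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
"""

# [type] key | value name : value data -> status
LINE_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+(?P<key>HKEY_[^|]+?)\s+\|\s+"
    r"(?P<name>[^:]+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>.+)$"
)


@dataclass(frozen=True)
class Entry:
    kind: str
    key: str
    name: str
    data: str
    status: str


def parse_registry(report):
    """Return one Entry per Registry line; other report lines are ignored."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(**{k: v.strip() for k, v in m.groupdict().items()}))
    return entries


def canonical_key(key):
    """HKEY_USERS\\.DEFAULT is an alias of the LocalSystem hive HKEY_USERS\\S-1-5-18."""
    low = key.lower()
    alias = "hkey_users\\.default"
    if low == alias or low.startswith(alias + "\\"):
        low = "hkey_users\\s-1-5-18" + low[len(alias):]
    return low


def loopback_endpoints(data):
    """Return (scheme, host, port) for each ProxyServer entry that targets this machine."""
    found = []
    for part in (p.strip() for p in data.split(";")):
        if not part:
            continue
        scheme, _, target = part.rpartition("=")  # bare "host:port" applies to all protocols
        target = target.split("//")[-1]
        host, sep, port = target.rpartition(":")
        if not sep:
            host, port = target, ""
        try:
            local = ipaddress.ip_address(host.strip("[]")).is_loopback
        except ValueError:
            local = host.lower() == "localhost"
        if local:
            found.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return found


def review_proxy_cleanup(entries):
    """Map (key, value name) of every PUM.Proxy line to a verdict."""
    proxy = [e for e in entries if e.kind == "PUM.Proxy"]
    done = ("Deleted", "Replaced")
    removed = {(canonical_key(e.key), e.name.lower())
               for e in proxy if e.status.startswith(done)}
    verdicts = {}
    for e in proxy:
        ident = (canonical_key(e.key), e.name.lower())
        if e.status.startswith(done):
            verdict = "fixed"
        elif e.status.startswith("ERROR") and ident in removed:
            # Assumption: the error means the value was already gone via the alias.
            verdict = "fixed-via-alias"
        elif e.status.startswith("ERROR"):
            verdict = "failed"
        else:
            verdict = "pending"  # "Found" (scan) or "Not selected" (delete)
        verdicts[(e.key, e.name)] = verdict
    return verdicts


if __name__ == "__main__":
    parsed = parse_registry(REPORT)
    for (key, name), verdict in review_proxy_cleanup(parsed).items():
        print(f"{verdict:16} {key} | {name}")
    for e in parsed:
        if e.name == "ProxyServer":
            print("loopback proxy:", loopback_endpoints(e.data))
```

Any line that comes back as `failed` or `pending` is one to raise with the helper before rebooting.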



## cherdon (Feb 10, 2009)

I rebooted computer and when I went into my Outlook Express to see if you had replied to above thread I got the following 

There was a problem logging onto your mail server. Your Password was rejected. Account: 'pophm.sympatico.ca ', Server: 'pophm.sympatico.ca', Protocol: POP3, Server Response: '-ERR authentication failed', Port: 995, Secure(SSL): Yes, Server Error: 0x800CCC90, Error Number: 0x800CCC92


----------



## BrianDrab (Oct 22, 2014)

Things are looking better. Please do the following.


Step#1 - Warnings
CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

IOBit Toolbar
I see that this is still installed which is completely fine if you decided you wanted to keep it. Just thought I would mention it in case it wasn't intentional.

Step#2 - FRST Fix
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
1. Download attached file and save it to the *Desktop.*
*Note.* It's important that both files, *FRST* and *fixlist.txt* are in the same location or the fix will not work (in this case...the desktop).
2. Run *FRST* by *Double-Clicking* on the *FRST.exe* file.
3. Press the *Fix* button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (*Fixlog.txt*). Please post the contents of it in your reply.

Step#3 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. *Close* the text file and *reboot* your machine.
7. After your machine is rebooted, please *re-enable* your antivirus.
8. Post the contents of *JRT.txt* into your next message.

Step#4 - Malwarebytes Scan


Download Malwarebytes *to your desktop* from here.
*Double-click* on the file that is downloaded to your *desktop*.
Select the appropriate language and click *OK*.
Click *Next*.
Select "*I accept the agreement*" and click *Next*.
Click Next
Change the install path if desired. Normally you will keep this as is. Click *Next*.
Click *Next* again.
Click *Next* again.
Click *Install*.
*Uncheck* "Enable free trial of Malwarebytes Anti-Malware Premium".
Click *Finish*
If an update is found you will be prompted to download and install. Go ahead.
Click the *Settings* button and then the *Detection and Protection* tab. Then check the box to *Scan for rootkits* as shown below.









Click the *Scan* button at the top of the form and then click *Scan Now*.








If anything is detected, there will be an *Apply Actions* button. Please click this.
Once the scan completes click the *View detailed log* link.








Then click the *Copy to clipboard* button and paste into your next post.









Items for your next post
1. FRST Fix Log
2. Junkware Log
3. Malwarebytes Log


----------



## cherdon (Feb 10, 2009)

Thanks for the 2 tips..I wasn't aware that I shouldn't use the registry cleaning functionality of the tool so I will make sure I don't. As far as IOBit Toolbar I don't even know what this is for and no I don't want it but as one of my earlier postings indicated as shown in print screen photo, it won't let me remove it.


----------



## BrianDrab (Oct 22, 2014)

> no I don't want it but as one of my earlier postings indicated as shown in print screen photo, it won't let me remove it.


Ahhh yes you did say that. We'll be sure to get that removed later.

Also I saw your message about having issues with Outlook Express and your Email. If possible I'd like to get you malware free and then we can work on those other issues. Thanks.


----------



## BrianDrab (Oct 22, 2014)

I'm going to turn in for the evening. I'll check for the other logs (FRST Fix, Junkware & Malwarebytes) in the morning.


Good job so far. We're almost there.


----------



## cherdon (Feb 10, 2009)

Ok goodnight BrianDrab..I will continue on but wanted you to know I fixed issue in Outlook..got that warning that someone may be trying to pretend they are me so I had to verify myself and get a special code sent to another email addy, then change password. It happens often and is a real pain.


----------



## cherdon (Feb 10, 2009)

Tried to do #2 in Step 2 and now instead of being able to click on fix the following box popped up 

View attachment frst.bmp


----------



## cherdon (Feb 10, 2009)

Step #3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Cheryl on Wed 01/28/2015 at 0:45:39.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611571181}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611571181}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/28/2015 at 0:52:10.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## cherdon (Feb 10, 2009)

Step #4 just to let you know when I first clicked on malwarebytes link I got the following >>> mbam-setup-2.0.4.1028 (5).exe Download error http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe

Seems like lately when I am downloading a program the 1st and/or 2nd time around I get this error then finally I am able to do so on the 3rd try which is also odd. I should be able to download the 1st time each time. Below is log

Goodnight BrianDrab..I will check back after I do my banking and groceries in the morning.


----------



## BrianDrab (Oct 22, 2014)

We'll try to get your downloading consistent as well. Hang in there. Please do the following.

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Double-click on *aswMBR.exe* to run it.
3. If you get a question about *Virtualization Technology*, answer *Yes*.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "*Yes*".
5. Click the "*Scan*" button to start scan.
6. On completion of the scan click "*Save log*", save it to your *desktop* and post in your next reply.
NOTE. aswMBR will create *MBR.dat* file on your desktop. This is a copy of your MBR. Do NOT delete it.

Step#2 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.


Please go here and click on








*Note*: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (*esetsmartinstaller_enu.exe*). Go ahead and download and run this file.
Please accept the *ESET Online Scanner EULA* and click *Start*.
If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
Make sure *Enable detection of potentially unwanted applications* is selected.
Click the *Advanced Settings* link.
Make sure *Remove found threats* is NOT checked.
Make sure *Scan archives* IS checked.
Make sure *Scan for potentially unsafe applications* IS checked.
Make sure *Enable Anti-Stealth technology* IS checked.









Click on Start
The *virus signature database* will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall. 
When completed, if anything was detected please click the *List of found threats* link.
Then click the *Copy to Clipboard* link and paste this information into your next reply.
Then you may click the Back button.
Check *Uninstall Application on Close* before clicking finish.

Items for your next post
1. Rootkit Scan Log
2. Contents of the ESET log file


----------



## cherdon (Feb 10, 2009)

Heading out now for a few hours..I did Rootkit scan but not sure if it was really done or not..it seemed to just sit there after last entry so I saved log and have posted. If this scan really wasn't completed, let me know and I will run again when I get home.


----------



## BrianDrab (Oct 22, 2014)

It finished successfully and is thankfully clean. You can move on to the next step. Thanks.


----------



## cherdon (Feb 10, 2009)

Well I tried running ESET using IE and wasn't able to do so. I retried a few times right clicking on install this add on for all users on this computer but of course that's not working either. Took a print screen of error that comes up. Will wait for what to try next. Guess I will try doing so using Chrome to see what happens in the meantime.

View attachment eset.bmp


----------



## BrianDrab (Oct 22, 2014)

Let me know how Chrome works. I'm unable to read the error message in the screen shot. Thanks.


----------



## cherdon (Feb 10, 2009)

C:\AdwCleaner\Quarantine\C\Program Files\shopperz\compot.dll.vir	a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\creed32.dll.vir	a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\hleb.dll.vir	a variant of Win32/Toolbar.Perion.K potentially unwanted application
C:\Documents and Settings\Cheryl\My Documents\Downloads\ccsetup501.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Cheryl\My Documents\info but no pics\APNSetup.exe	a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\ccsetup323.exe	Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\ccsetup324.exe	Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\ccsetup325.exe	Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe	Win32/OpenCandy potentially unsafe application
C:\FRST\Quarantine\C\Documents and Settings\Cheryl\Application Data\IKVAJ.xBAD	JS/Toolbar.Crossrider.C potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\Cheryl\Application Data\VAJKC.xBAD	JS/Toolbar.Crossrider.C potentially unwanted application
C:\WINDOWS\Installer\MSI355.tmp	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\WINDOWS\Installer\MSI359.tmp	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\WINDOWS\Installer\MSI8A7.tmp	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\WINDOWS\Installer\MSID96.tmp	a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

Chrome worked..that's how I was able to run scan


----------



## BrianDrab (Oct 22, 2014)

Excellent. Please do the following and then we can start addressing any remaining issues that you have.

Step#1 - FRST Fix
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
1. Download attached file and save it to the *Desktop*.
*Note.* It's important that both files, *FRST* and *fixlist.txt* are in the same location or the fix will not work (in this case...the desktop).
2. Run *FRST* by *Double-Clicking* on the *FRST.exe* file.
3. Press the *Fix* button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (*Fixlog.txt*). Please post the contents of it in your reply.

Step#2 - FRST Registry Search

1. Run *FRST* by *Double-Clicking* on the file.
2. Copy and paste the words *IObit Toolbar* into the Search box and click the *Search Registry* button.










3. When the scan is complete a notepad window will open with the results. *Please copy and paste the contents in your next reply*. If for some reason notepad doesn't open the file should be saved on your desktop named *Search.txt*.

Step#3 - Security Check
1. Download *Security Check* from *here* or *here* or *here*.
2. Save it to your Desktop.
3. *Double-click* SecurityCheck.exe to run. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.
*NOTE:* If SecurityCheck aborts and you get the following message: *UNSUPPORTED OPERATING SYSTEM! ABORTED!* try rebooting the system and then run SecurityCheck again.

Step#4 - Fresh Set of Logs Needed
1. *Double click FRST.exe* to run. When the tool opens click *Yes* to disclaimer.
2. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
3. Press *Scan* button.
4. It will produce a log called *FRST.txt* in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

Items for your next post
1. FRST Fix
2. FRST Registry Scan Results
3. Security Check log
4. Fresh FRST and Addition logs


----------



## cherdon (Feb 10, 2009)

When I do #3 of Step #1 I get a box saying No fixlist.txt found. I don't get it. I have copied and pasted what I got from doing #1 & #2

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Cheryl (administrator) on CHERYL-A778CF1B on 28-01-2015 17:54:42
Running from C:\Documents and Settings\Cheryl\Desktop
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=jveYVIyuN4Sh8wehr4DgCg&gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193
Tcpip\..\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: [NameServer] 8.26.56.26,8.20.247.20
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF NewTab: about:blank
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: MP3 Rocket Downloader - C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\Extensions\[email protected] [2013-03-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-26]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26]
CHR Extension: (Google Docs) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-26] (AVAST Software)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-26] ()
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 FlyUsb; C:\WINDOWS\System32\DRIVERS\FlyUsb.sys [18560 2008-02-26] (LeapFrog)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-06] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-06] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-06] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R1 RapportCerberus_80120; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-12] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S4 IntelIde; No ImagePath
U3 aswMBR; \??\C:\DOCUME~1\Cheryl\LOCALS~1\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 17:54 - 2015-01-28 17:55 - 00012497 _____ () C:\Documents and Settings\Cheryl\Desktop\FRST.txt
2015-01-28 17:49 - 2015-01-28 17:49 - 01121792 _____ (Farbar) C:\Documents and Settings\Cheryl\Desktop\FRST.exe
2015-01-28 12:39 - 2015-01-28 12:39 - 00000000 ____D () C:\Program Files\ESET
2015-01-28 02:12 - 2015-01-28 02:14 - 00569790 _____ () C:\Documents and Settings\Cheryl\My Documents\start up.bmp
2015-01-28 02:04 - 2015-01-28 02:04 - 00002047 _____ () C:\Documents and Settings\Cheryl\My Documents\mbam.txt
2015-01-28 01:15 - 2015-01-28 01:16 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 01:15 - 2015-01-28 01:15 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-28 01:14 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-28 01:14 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-27 22:37 - 2015-01-27 23:36 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-27 22:37 - 2015-01-27 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-01-27 12:46 - 2015-01-27 12:46 - 00081920 _____ () C:\WINDOWS\Minidump\Mini012715-01.dmp
2015-01-26 23:51 - 2015-01-26 23:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-26 23:51 - 2015-01-26 23:51 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2015-01-26 23:51 - 2015-01-26 23:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-01-26 22:07 - 2015-01-26 22:32 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-26 22:07 - 2015-01-26 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-01-26 22:03 - 2015-01-28 17:18 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 22:03 - 2015-01-28 08:45 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 22:01 - 2015-01-26 22:01 - 42609232 _____ (Google Inc.) C:\Documents and Settings\Cheryl\My Documents\ChromeStandaloneSetup.exe
2015-01-26 16:02 - 2015-01-28 17:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 16:02 - 2015-01-26 21:47 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-26 16:02 - 2015-01-26 21:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-26 15:32 - 2015-01-26 15:32 - 00000000 ____D () C:\Program Files\Dropbox
2015-01-26 15:31 - 2015-01-26 15:31 - 00000000 ____D () C:\Documents and Settings\Cheryl\Start Menu\Programs\Dropbox
2015-01-26 15:16 - 2015-01-26 15:16 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-01-26 15:15 - 2015-01-28 17:45 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-26 15:14 - 2015-01-26 15:15 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-26 15:14 - 2015-01-26 15:15 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-26 15:14 - 2015-01-26 15:15 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-26 15:14 - 2015-01-26 15:14 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-26 15:14 - 2015-01-26 15:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-26 15:11 - 2015-01-26 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-26 15:08 - 2015-01-26 15:08 - 132469808 _____ (AVAST Software) C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe
2015-01-26 13:20 - 2015-01-26 13:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-26 13:20 - 2015-01-26 13:20 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-26 13:12 - 2015-01-26 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-26 10:45 - 2015-01-26 10:45 - 00000000 ____D () C:\Program Files\MunSoft
2015-01-26 10:44 - 2015-01-26 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET
2015-01-25 16:07 - 2015-01-25 16:24 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-25-2015
2015-01-24 15:30 - 2015-01-26 13:06 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\steps taken to fix puter.do not delete
2015-01-24 12:47 - 2015-01-26 13:11 - 00000000 ____D () C:\Program Files\Common Files\Apple(2)
2015-01-24 12:47 - 2015-01-26 13:11 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2015-01-24 12:47 - 2015-01-24 12:47 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-24 12:19 - 2015-01-28 12:19 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9bce06e9-557d-49bb-b8b4-9c6c26ada618.job
2015-01-24 12:19 - 2015-01-28 02:00 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 64119d8e-e944-4819-8e65-f21bbc3e138a.job
2015-01-24 12:19 - 2015-01-26 13:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware(2)
2015-01-24 12:19 - 2015-01-24 12:19 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\SUPERAntiSpyware.com
2015-01-24 12:19 - 2015-01-24 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-01-24 10:12 - 2015-01-28 01:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 14:51 - 2015-01-26 13:22 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software(2)
2015-01-23 14:46 - 2015-01-26 13:22 - 00000000 ____D () C:\Program Files\AVAST Software(2)
2015-01-18 14:00 - 2009-02-12 15:11 - 00022312 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrv.sys
2015-01-17 01:16 - 2015-01-17 01:16 - 00071279 _____ () C:\Documents and Settings\Cheryl\My Documents\image_11.jpeg
2015-01-16 13:23 - 2015-01-16 13:23 - 00001650 _____ () C:\Documents and Settings\All Users\Desktop\PokerStars.net.lnk
2015-01-12 14:07 - 2012-05-26 22:15 - 00001519 _____ () C:\Documents and Settings\Cheryl\Desktop\Notepad.lnk
2015-01-12 12:49 - 2015-01-12 12:49 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Trusteer
2015-01-11 07:10 - 2015-01-11 07:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-11 07:10 - 2015-01-11 07:10 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-01-11 06:59 - 2015-01-27 21:12 - 00000000 ____D () C:\AdwCleaner
2015-01-10 17:47 - 2015-01-18 18:30 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-10-2015
2015-01-07 22:46 - 2015-01-07 22:46 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Trusteer
2015-01-07 22:45 - 2015-01-26 10:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-07 22:45 - 2015-01-07 22:45 - 00000000 ____D () C:\Program Files\Trusteer
2015-01-07 22:43 - 2015-01-07 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trusteer
2015-01-05 10:55 - 2015-01-18 18:36 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-05-2015
2015-01-01 05:27 - 2015-01-18 18:31 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-01-2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 17:55 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Temp
2015-01-28 17:54 - 2014-12-23 00:31 - 00000000 ____D () C:\FRST
2015-01-28 17:45 - 2012-05-16 15:14 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-28 08:53 - 2012-05-16 11:06 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2015-01-28 08:47 - 2012-05-16 15:11 - 01296886 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-28 08:45 - 2014-03-22 07:17 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-28 08:45 - 2012-05-16 15:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 08:45 - 2012-05-16 11:06 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-28 02:20 - 2012-05-16 15:15 - 00000178 ___SH () C:\Documents and Settings\Cheryl\ntuser.ini
2015-01-28 02:02 - 2013-12-11 23:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-01-27 20:39 - 2012-05-16 15:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-27 14:35 - 2012-05-16 15:18 - 08938496 ___SH () C:\Documents and Settings\Cheryl\My Documents\Thumbs.db
2015-01-27 12:46 - 2012-09-15 10:59 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-27 01:09 - 2012-05-16 11:01 - 00000211 ___SH () C:\boot.ini
2015-01-27 01:09 - 2008-04-14 07:00 - 00000512 _____ () C:\WINDOWS\win.ini
2015-01-27 01:09 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-26 22:05 - 2012-05-16 15:28 - 00000000 ____D () C:\Program Files\Google
2015-01-26 21:49 - 2013-09-29 13:12 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Deployment
2015-01-26 21:46 - 2014-09-24 09:16 - 03539632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-01-26 16:01 - 2014-09-24 08:21 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Adobe
2015-01-26 15:47 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl
2015-01-26 15:11 - 2012-09-17 23:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-01-26 13:36 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-26 13:36 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-26 13:36 - 2012-05-16 15:09 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-26 13:21 - 2012-05-16 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2015-01-26 13:19 - 2012-05-16 15:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google
2015-01-26 13:12 - 2014-10-27 07:39 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-26 13:12 - 2012-05-16 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-26 10:44 - 2012-05-16 18:06 - 00000000 ____D () C:\Program Files\PokerStars.NET
2015-01-26 10:39 - 2013-07-25 16:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-26 10:36 - 2014-12-20 01:10 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\newest pics
2015-01-26 10:33 - 2014-10-27 07:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-01-26 10:14 - 2014-07-03 22:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\soph pics
2015-01-26 09:05 - 2012-05-16 15:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-01-26 07:39 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-25 16:30 - 2012-09-24 00:01 - 11826176 ___SH () C:\Documents and Settings\Cheryl\Desktop\Thumbs.db
2015-01-24 11:36 - 2012-05-16 15:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-01-23 20:38 - 2013-03-27 11:52 - 00000000 ____D () C:\Program Files\LeapFrog
2015-01-23 20:38 - 2013-03-27 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Leapfrog
2015-01-21 12:57 - 2012-05-16 19:24 - 00160768 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 14:45 - 2012-09-23 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-01-14 10:07 - 2012-05-16 16:22 - 00000000 ____D () C:\WINDOWS\pss
2015-01-14 08:00 - 2012-05-16 16:04 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-11 09:41 - 2012-05-16 15:33 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Temp
2015-01-08 15:00 - 2014-03-22 07:17 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-01 11:23 - 2014-12-26 00:34 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\xmas Pics

==================== Files in the root of some directories =======

2014-03-06 18:44 - 2014-03-06 18:44 - 0000044 _____ () C:\Documents and Settings\Cheryl\Application Data\WB.CFG
2012-05-16 19:24 - 2015-01-21 12:57 - 0160768 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-21 10:12 - 2012-09-21 10:12 - 0017408 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-28 17:55:45
Running from C:\Documents and Settings\Cheryl\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3DVIA player 5.0.0.20 (HKLM\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C510 (Version: 140.0.344.000 - Hewlett-Packard) Hidden
Canon PowerShot A3500 IS Camera User Guide (HKLM\...\CameraUserGuide-PSA3500IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Destinations (Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart eStn C510 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{EEEA9020-FCB0-4E35-82B9-D0994EF267B0}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
IObit Toolbar v6.2 (HKLM\...\{835BCA58-EBE8-415B-8E7F-457F76F15821}) (Version: 6.2 - Spigot, Inc.) <==== ATTENTION
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
LeapFrog Connect (Version: 4.2.13.16151 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PokerStars.net (HKLM\...\PokerStars.net) (Version: - PokerStars.net)
PS_AIO_07_C510_SW_Min (Version: 140.0.344.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5730 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-10-2014 22:16:27 System Checkpoint
31-10-2014 22:53:25 System Checkpoint
01-11-2014 23:16:19 System Checkpoint
02-11-2014 06:19:49 Removed AVG 2015
03-11-2014 08:40:52 Removed AVG 2015
03-11-2014 08:43:01 Removed AVG 2015
04-11-2014 12:40:40 System Checkpoint
05-11-2014 12:52:23 System Checkpoint
06-11-2014 12:59:04 System Checkpoint
07-11-2014 13:25:43 System Checkpoint
08-11-2014 14:00:18 System Checkpoint
09-11-2014 14:03:00 System Checkpoint
10-11-2014 15:07:08 System Checkpoint
11-11-2014 15:51:19 System Checkpoint
12-11-2014 15:54:04 System Checkpoint
13-11-2014 03:00:25 Software Distribution Service 3.0
14-11-2014 09:53:38 System Checkpoint
15-11-2014 10:11:40 System Checkpoint
16-11-2014 10:22:18 System Checkpoint
17-11-2014 11:58:31 System Checkpoint
18-11-2014 12:14:32 System Checkpoint
19-11-2014 13:44:15 System Checkpoint
20-11-2014 06:43:36 Removed Google Earth.
21-11-2014 08:27:50 System Checkpoint
22-11-2014 09:23:36 System Checkpoint
23-11-2014 10:39:24 System Checkpoint
24-11-2014 11:34:19 System Checkpoint
25-11-2014 11:56:21 System Checkpoint
26-11-2014 11:58:24 System Checkpoint
27-11-2014 12:35:33 System Checkpoint
28-11-2014 15:07:32 System Checkpoint
29-11-2014 16:22:19 System Checkpoint
30-11-2014 16:30:00 System Checkpoint
01-12-2014 16:52:27 System Checkpoint
02-12-2014 17:38:27 System Checkpoint
03-12-2014 20:57:06 System Checkpoint
04-12-2014 23:59:52 System Checkpoint
06-12-2014 11:58:03 System Checkpoint
07-12-2014 12:40:34 System Checkpoint
08-12-2014 13:03:32 System Checkpoint
09-12-2014 14:52:29 System Checkpoint
10-12-2014 15:36:53 System Checkpoint
11-12-2014 05:08:52 Software Distribution Service 3.0
12-12-2014 09:10:27 System Checkpoint
13-12-2014 09:33:01 System Checkpoint
14-12-2014 10:57:56 System Checkpoint
14-12-2014 15:59:19 Installed AVG 2015
14-12-2014 16:00:16 Installed AVG 2015
14-12-2014 18:06:43 Installed AVG PC TuneUp 2015
15-12-2014 18:28:45 System Checkpoint
15-12-2014 18:45:43 Removed AVG PC TuneUp 2015
15-12-2014 18:47:53 Removed AVG PC TuneUp 2015 (en-US)
16-12-2014 18:55:57 System Checkpoint
17-12-2014 19:02:55 System Checkpoint
18-12-2014 19:03:49 System Checkpoint
19-12-2014 19:59:32 System Checkpoint
20-12-2014 19:21:47 Installed Windows XP KB942288-v3.
20-12-2014 19:22:32 AA11
20-12-2014 19:26:04 LavasoftWeCompanion
20-12-2014 22:11:53 AA11
20-12-2014 22:26:29 LavasoftWeCompanion
21-12-2014 14:02:18 Removed AVG 2015
21-12-2014 14:04:30 Removed AVG 2015
21-12-2014 14:08:31 Removed Visual Studio 2012 x86 Redistributables
22-12-2014 20:50:04 System Checkpoint
22-12-2014 23:49:21 avast! antivirus system restore point
24-12-2014 12:10:57 System Checkpoint
25-12-2014 12:29:05 System Checkpoint
26-12-2014 12:47:38 System Checkpoint
27-12-2014 13:17:41 System Checkpoint
28-12-2014 13:23:52 System Checkpoint
29-12-2014 13:57:25 System Checkpoint
30-12-2014 13:59:34 System Checkpoint
31-12-2014 16:09:05 System Checkpoint
01-01-2015 16:55:13 System Checkpoint
02-01-2015 16:56:45 System Checkpoint
03-01-2015 17:37:02 System Checkpoint
05-01-2015 08:06:38 System Checkpoint
06-01-2015 08:56:11 System Checkpoint
07-01-2015 10:05:08 System Checkpoint
07-01-2015 22:45:36 Installed Rapport
08-01-2015 23:39:49 System Checkpoint
10-01-2015 08:49:37 System Checkpoint
11-01-2015 07:54:37 Removed iTunes
12-01-2015 08:10:17 System Checkpoint
12-01-2015 12:49:13 Installed Rapport
13-01-2015 13:05:22 System Checkpoint
14-01-2015 07:59:08 Software Distribution Service 3.0
15-01-2015 08:46:09 System Checkpoint
16-01-2015 11:04:24 System Checkpoint
17-01-2015 11:41:25 System Checkpoint
18-01-2015 13:18:23 System Checkpoint
19-01-2015 13:20:35 System Checkpoint
20-01-2015 13:58:25 System Checkpoint
21-01-2015 14:45:05 System Checkpoint
22-01-2015 15:07:36 System Checkpoint
23-01-2015 14:05:35 avast! antivirus system restore point
23-01-2015 14:46:17 avast! antivirus system restore point
23-01-2015 20:49:26 Removed Apple Application Support
23-01-2015 20:51:23 Removed Apple Mobile Device Support
23-01-2015 20:52:14 Removed Apple Software Update
24-01-2015 12:35:55 Removed QuickTime 7
24-01-2015 12:48:39 Installed QuickTime 7
25-01-2015 13:27:33 System Checkpoint
26-01-2015 11:09:23 Restore Operation
26-01-2015 12:58:26 Restore Operation
26-01-2015 14:50:12 avast! antivirus system restore point
26-01-2015 15:11:46 avast! antivirus system restore point
27-01-2015 16:53:09 System Checkpoint
27-01-2015 20:38:54 Restore Point Created by FRST
28-01-2015 00:06:18 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2013-06-10 13:02 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 64119d8e-e944-4819-8e65-f21bbc3e138a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9bce06e9-557d-49bb-b8b4-9c6c26ada618.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2015-01-28 08:22 - 2015-01-28 08:22 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012800\algo.dll
2015-01-26 15:14 - 2015-01-26 15:14 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-01-26 22:07 - 2015-01-25 16:08 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\WINDOWS\pss\ImageBrowser EX Agent.lnkCommon Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1214440339-1659004503-1801674531-500 - Administrator - Enabled)
Cheryl (S-1-5-21-1214440339-1659004503-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Cheryl
Guest (S-1-5-21-1214440339-1659004503-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-1659004503-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-1659004503-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 04:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 04:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 04:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:49:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:22:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:22:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:22:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 03:22:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 02:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

Error: (01/26/2015 02:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module chrome.dll, version 39.0.2171.99, fault address 0x0051f7f8.
Processing media-specific event for [chrome.exe!ws!]

System errors:
=============
Error: (01/28/2015 02:18:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/28/2015 09:18:23 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/28/2015 02:18:30 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/28/2015 01:18:22 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/28/2015 00:18:29 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/27/2015 11:37:39 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort3

Error: (01/27/2015 11:18:38 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/27/2015 10:18:53 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/27/2015 09:18:04 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/27/2015 08:58:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: 
%%126

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 2038.23 MB
Available physical RAM: 1145.66 MB
Total Pagefile: 3934.63 MB
Available Pagefile: 3211.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:246.88 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 8AB28AB2)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## cherdon (Feb 10, 2009)

Step #2 completed.

Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-28 18:04:42
Running from C:\Documents and Settings\Cheryl\Desktop
Boot Mode: Normal

================== Search Registry: "IObit Toolbar" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\85ACB5388EBEB514E8F754F7671F8512]
"ProductName"="IObit Toolbar v6.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
"installDir"="C:\Program Files\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0]
"85ACB5388EBEB514E8F754F7671F8512"="C:\Program Files\IObit Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
"85ACB5388EBEB514E8F754F7671F8512"="C:\Program Files\IObit Toolbar\Res\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9]
"85ACB5388EBEB514E8F754F7671F8512"="C:\Program Files\IObit Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298]
"85ACB5388EBEB514E8F754F7671F8512"="C:\Program Files\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B]
"85ACB5388EBEB514E8F754F7671F8512"="C:\Program Files\IObit Toolbar\IE\6.2\iobitToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF]
"85ACB5388EBEB514E8F754F7671F8512"="C:\Program Files\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\85ACB5388EBEB514E8F754F7671F8512\InstallProperties]
"InstallLocation"="C:\Program Files\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\85ACB5388EBEB514E8F754F7671F8512\InstallProperties]
"DisplayName"="IObit Toolbar v6.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835BCA58-EBE8-415B-8E7F-457F76F15821}]
"InstallLocation"="C:\Program Files\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835BCA58-EBE8-415B-8E7F-457F76F15821}]
"DisplayName"="IObit Toolbar v6.2"
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="iobit toolbar"
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File4"="C:\Documents and Settings\Cheryl\Desktop\iobit toolbar.bmp"
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"a"="C:\Documents and Settings\Cheryl\Desktop\iobit toolbar.bmp"

====== End Of Search ======


----------



## cherdon (Feb 10, 2009)

Step #3 Security Check Log completed

Results of screen317's Security Check version 0.99.95 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Avast Free Antivirus 
*`````````Anti-malware/Other Utilities Check:`````````* 
SUPERAntiSpyware 
CCleaner 
* Java 64-bit 8 Update 31* 
Adobe Reader XI 
Google Chrome (40.0.2214.93) 
*````````Process Check: objlist.exe by Laurent````````* 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 13% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## cherdon (Feb 10, 2009)

I'm so confused with Step #4. I found some in Google Chrome downloads, and when I do a search for files and folders from the start menu I get the following coming up...7 in Documents and Settings and 3 different FRST.EXE in Windows prefetch. In the Google Chrome downloads folder there's a folder that says Frst Older Version, then one that was created 12/23/2014, 4 fixlist documents, 1 FRST document and 1 fixlog document, so what this comes down to is, I have no idea which one to click on, and when I click on FRST scan tool there is nothing that shows >>> click Yes to disclaimer. Will wait for your response to this.


----------



## BrianDrab (Oct 22, 2014)

Let's see if we can make this easier. Do only this.

I've attached a new fixlist.txt file that I would like you to use instead of the previous one.

I need you to save the file to your *Desktop*. Don't save the file to Downloads or any other folder other than your desktop.

Now, on your desktop is a file named *FRST.exe*. Double-click this file to open the program. The program may update itself which will only take a few seconds. Now click the Fix button.

Once the fix is complete your computer will reboot.

After the reboot, please open the text file on your desktop named *fixlog.txt*. Post the results. Thank you.


----------



## cherdon (Feb 10, 2009)

OMG I saved your fixlist.txt file to my desktop. I then clicked on FRST on my desktop..it's the only one visible that brings up the program, but when I click on fix that darn box comes up again saying No fixlist.txt found. How can that be? It's on my desktop. I just don't get it.


----------



## BrianDrab (Oct 22, 2014)

I've seen this once before. The solution was to delete the FRST.exe file off of your desktop and re-download a fresh one to your desktop. The new one can be obtained from here.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81


----------



## cherdon (Feb 10, 2009)

CreateRestorePoint:
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe
2015-01-21 12:57 - 2012-05-16 19:24 - 00160768 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
reg: reg delete "HKLM\SOFTWARE\Classes\Installer\Products\85ACB5388EBEB514E8F7 54F7671F8512" /F
reg: reg delete "HKLM\SOFTWARE\IObit" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\227891B259797954E88A157FD9F260A0" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Products\85ACB5388EBEB514E8F754F7671F8512" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835 BCA58-EBE8-415B-8E7F-457F76F15821}" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835BCA58-EBE8-415B-8E7F-457F76F15821}" /F
reg: reg delete "HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603" /F
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
EmptyTemp:


----------



## BrianDrab (Oct 22, 2014)

You posted the wrong file. You need to post the contents of the fixlog.txt which should be on your desktop. You posted fixlist.txt.


----------



## cherdon (Feb 10, 2009)

The only ones on my desktop are search, addition, FRST, fixlist (4)....sorry but I don't know where the heck it could be


----------



## BrianDrab (Oct 22, 2014)

OK, then that likely means that you didn't run the fix?


Did you double-click on FRST.exe (the new one you downloaded) and then hit the Fix button?


----------



## cherdon (Feb 10, 2009)

I found this fixlog.txt in the Chrome downloads folder..hope this is the one you're needing

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-28 20:40:24 Run:3
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
EmptyTemp:
*****************

Restore point was successfully created.
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe => Moved successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========



========= End of CMD: =========

EmptyTemp: => Removed 156.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:41:01 ====


----------



## cherdon (Feb 10, 2009)

Yes I double clicked and hit fix


----------



## BrianDrab (Oct 22, 2014)

If you did in fact hit fix then if you look in C:\FRST\Logs you will see all the fixes that we did. You should see a log that has a very current date/time. Can you check there for the log?


----------



## cherdon (Feb 10, 2009)

Ok checked and this is the most recent one

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-28 20:40:24 Run:3
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
EmptyTemp:
*****************

Restore point was successfully created.
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe => Moved successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========



========= End of CMD: =========

EmptyTemp: => Removed 156.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:41:01 ====


----------



## BrianDrab (Oct 22, 2014)

That's what I suspected. That's not the correct one. I think we need to take a step back. It appears that sometimes you are saving things to your Desktop and sometimes to your Download folder which is causing confusion. I'll attach the file that we need to use here again.

1. Please download this to your *Desktop*.
2. Ensure that the name of the file stays fixlist.txt. If it's fixlist (5).txt or any other variation it won't work.
3. Then *double-click* on *FRST.exe* (the one on the *Desktop*).
4. Click the *Fix* button. The fix will run and the computer will reboot.
5. After the reboot there will be a fixlog.txt on the *Desktop*.

Please copy/paste the contents of that file into your next post. Thanks.


----------



## cherdon (Feb 10, 2009)

You're not going to believe this BrianDrab. The FRST.exe that was on my desktop has disappeared. So I downloaded a fresh one from link you provided in an earlier posting from bleeping computer which of course automatically shows up in google chrome download..first time I got an error..2nd time it downloaded correctly. I then clicked on fixlist.txt from attached file above that you posted. It did work and there was no other variation. I then double clicked on FRST.exe (new one downloaded from bleeping computer) and hit fix. Puter did reboot but not only was there no fixlog.txt on desktop but the FRST.exe is not there either, only one visible on desktop is fixlist. I just don't get why this is happening and I'm sure it's driving you nuts too. Will wait to hear back from you.


----------



## BrianDrab (Oct 22, 2014)

Can you go back to C:\FRST\Logs and post the contents of the most current log again?


----------



## cherdon (Feb 10, 2009)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-29 07:02:26 Run:5
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe
2015-01-21 12:57 - 2012-05-16 19:24 - 00160768 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
reg: reg delete "HKLM\SOFTWARE\Classes\Installer\Products\85ACB5388EBEB514E8F7 54F7671F8512" /F
reg: reg delete "HKLM\SOFTWARE\IObit" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\227891B259797954E88A157FD9F260A0" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Products\85ACB5388EBEB514E8F754F7671F8512" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835 BCA58-EBE8-415B-8E7F-457F76F15821}" /F
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835BCA58-EBE8-415B-8E7F-457F76F15821}" /F
reg: reg delete "HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603" /F
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt 
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Documents and Settings\Cheryl\My Documents\info but no pics\Virus & Spyware Programs\video-converter-ultimate_full975.exe" => File/Directory not found.
"C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Directory not found.

========= reg delete "HKLM\SOFTWARE\Classes\Installer\Products\85ACB5388EBEB514E8F7 54F7671F8512" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\IObit" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\227891B259797954E88A157FD9F260A0" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\7F690F9F1CABCA34A98316B70CEF929B" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Products\85ACB5388EBEB514E8F754F7671F8512" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835 BCA58-EBE8-415B-8E7F-457F76F15821}" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{835BCA58-EBE8-415B-8E7F-457F76F15821}" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603" /F =========

Error: The system was unable to find the specified registry key or value

========= End of Reg: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

========= End of CMD: =========

EmptyTemp: => Removed 10 MB temporary data.

The system needed a reboot.

==== End of Fixlog 07:03:01 ====

I have to take hubby for bloodwork right now..will check back when I get home. I'm back home now


----------
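
Reading a Fixlog like the Run:5 one above comes down to three checks: which run and folder it came from, whether its fixlist is the one the helper sent, and what each directive actually did. The Python below is an added example, not part of the thread or of FRST; the function names and the done/absent/unclear labels are this example's own, and the sample log is abridged from the Run:5 Fixlog.

```python
import re
from collections import Counter

# Abridged from the Run:5 Fixlog in the thread: blank lines and most reg: entries dropped.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-29 07:02:26 Run:5
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Content of fixlist:
*****************
CreateRestorePoint:
reg: reg delete "HKLM\SOFTWARE\IObit" /F
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
EmptyTemp:
*****************
Restore point was successfully created.
========= reg delete "HKLM\SOFTWARE\IObit" /F =========
Error: The system was unable to find the specified registry key or value
========= End of Reg: =========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
========= End of CMD: =========
EmptyTemp: => Removed 10 MB temporary data.
==== End of Fixlog 07:03:01 ====
"""

BLOCK_RE = re.compile(r"^={9} (.+?) ={9}$")


def classify(outcome):
    """Map FRST's free-text outcome onto this example's own three labels."""
    low = outcome.lower()
    if "not found" in low or "unable to find" in low:
        return "absent"      # target was already gone; nothing was changed
    # The netsh output in the thread spells it "Sucessfully"; accept both spellings.
    if re.search(r"suc+essfully", low) or low.startswith("removed"):
        return "done"
    return "unclear"         # e.g. a command that printed nothing


def parse_fixlog(text):
    lines = [ln.rstrip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'Content of fixlist' section: not a Fixlog")
    log = {"run": None, "running_from": None, "results": []}
    for ln in lines[:stars[0]]:
        m = re.match(r"Ran by .+ at \S+ \S+ Run:(\d+)$", ln)
        if m:
            log["run"] = int(m.group(1))
        elif ln.startswith("Running from "):
            log["running_from"] = ln[len("Running from "):]
    log["fixlist"] = [ln.strip() for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    block, body = None, []
    for ln in lines[stars[1] + 1:]:
        m = BLOCK_RE.match(ln)
        if m and m.group(1).startswith("End of "):
            if block is not None:        # close a reg:/CMD: block
                outcome = " ".join(body) or "(no output)"
                log["results"].append((block, outcome, classify(outcome)))
            block, body = None, []
        elif m:
            block, body = m.group(1), []
        elif block is not None and ln:
            body.append(ln)
        elif " => " in ln:               # one-line "item => outcome" results
            item, outcome = ln.rsplit(" => ", 1)
            log["results"].append((item.strip('"'), outcome, classify(outcome)))
    return log


def missing_directives(expected_fixlist, log):
    """Directives from the intended fixlist that this run did not contain."""
    have = {" ".join(d.split()) for d in log["fixlist"]}
    return [d for d in expected_fixlist if " ".join(d.split()) not in have]


def loopback_proxy_directives(log):
    """Fixlist entries that remove a proxy pointing at the local machine."""
    pat = re.compile(r"=(127(?:\.\d+){3}|localhost):\d+")
    return [d for d in log["fixlist"] if d.startswith("ProxyServer:") and pat.search(d)]


def summarize(log):
    return Counter(status for _, _, status in log["results"])


if __name__ == "__main__":
    log = parse_fixlog(SAMPLE_FIXLOG)
    print(log["run"], log["running_from"], dict(summarize(log)))
```

Feeding the Run:3 log and the intended fixlist to `missing_directives` would list the `reg:` and proxy entries that run never contained, which is the mismatch spotted by eye in the thread.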



## BrianDrab (Oct 22, 2014)

Good!! That worked. There are still a couple things to clean up but before we do I think we are far enough along to address any concerns you have. For example you had mentioned that you were unable to remove any programs or go into msconfig. Can you see if this is still the case?


If you get an error please provide the exact error message as I can't see your screen shots that you make. Thanks.


----------



## cherdon (Feb 10, 2009)

ok will do


----------



## cherdon (Feb 10, 2009)

As far as removing 4 Canon programs from add/remove, I am still not able to do so. I no longer have that camera..here is the error I get

UniversalUninstaller.exe could not load C:\ProgramFiles\CommonFiles\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraUserGuide-PSA3500IS\uninstall.xml

for the other 3 remaining, the wording is the same except where CameraUserGuide is above it was replaced with CameraWindow DC also ImageBrowserEx and finally PhotoStitch


----------



## cherdon (Feb 10, 2009)

msconfig appears to be ok now


----------



## BrianDrab (Oct 22, 2014)

OK, let's get that Canon software off. It's important to note that the best way to uninstall this software is by using the uninstaller but you obviously can't. We'll do our best to clean up the software but it may never be completely removed. If you have the software with you that you can re-install, the best way may be to re-install the software and then uninstall the software. But assuming you can't do that please follow the instructions below.

Step#1 - FRST Registry Search

1. Run *FRST* by *Double-Clicking* on the file.
2. Copy and paste the word *Canon* into the Search box and click the *Search Registry* button.












3. When the scan is complete a notepad window will open with the results. *Please copy and paste the contents in your next reply*. If for some reason notepad doesn't open the file should be saved on your desktop named *Search.txt*.


----------



## cherdon (Feb 10, 2009)

I am still having issues when I double click on say chrome or IE..takes a bit for hourglass to appear and then when it does, it doesn't bring it right up..takes a good 30 sec and then finally it comes up...also when I go to x out stuff, it won't x out, then I try ctrl alt del and that won't even come up anymore so I try x'ing out top right corner and then sometimes I get hour glass, not responding..have to manually reboot puter is another issue, at times when I am replying to a message in say facebook the letters are not coming up immediately as they should..they are lagging behind..still download issues..mainly 1st and 2nd attempts which automatically go to chrome downloads and then finally it'll work, sometimes when I click on minimize at top, it won't minimize and then screen will freeze, and active x download does not work when I right click to allow.

I will check to see if I still have Canon software but if not will do as instructed..thank you


----------



## BrianDrab (Oct 22, 2014)

As long as you're willing to stick with me I'll try to resolve all of your issues.


----------



## cherdon (Feb 10, 2009)

Cannot find Canon box so I must have thrown it out..yes I am willing to stick with you BrianDrab

I appreciate your sticking with me and all your help and patience.


----------



## cherdon (Feb 10, 2009)

Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-29 12:09:13
Running from C:\Documents and Settings\Cheryl\My Documents\Downloads
Boot Mode: Normal

================== Search Registry: "Canon" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Canon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CAL]
"InstallPath"="C:\Program Files\Canon\CameraWindowLauncher\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindow\CameraWindowLauncher]
"InstallPath"="C:\Program Files\Canon\CameraWindowLauncher\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindow\CameraWindowLauncher]
"InstallExePath"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindow\CameraWindowMC]
"InstallPath"="C:\Program Files\Canon\CameraWindowLauncher\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindowDC8]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDC8\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindowDC8]
"InstPath_forUIW"="C:\Program Files\Canon\CameraWindowDC8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindowDVC6]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDVC6\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindowDVC6]
"InstPath_forUIW"="C:\Program Files\Canon\CameraWindowLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindowLauncher]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowLauncher\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\CameraWindowLauncher]
"InstPath_forUIW"="C:\Program Files\Canon\CameraWindowLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\Canon MOV Decoder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\Canon MOV Decoder]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Canon MOV Decoder\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\Canon MOV Decoder]
"InstPath_forUIW"="C:\Program Files\Canon\Canon MOV Decoder\1111"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\Canon MOV Encoder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\Canon MOV Encoder]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Canon MOV Encoder\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\Canon MOV Encoder]
"InstPath_forUIW"="C:\Program Files\Canon\Canon MOV Encoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\PhotoStitch]
"ViewerPath"="C:\Program Files\Canon\PhotoStitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\PhotoStitch]
"360ViewerPath"="C:\Program Files\Canon\PhotoStitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\PhotoStitch]
"StitchPath"="C:\Program Files\Canon\PhotoStitch\Stitch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\PhotoStitch]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\PhotoStitch\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\PhotoStitch]
"InstPath_forUIW"="C:\Program Files\Canon\PhotoStitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\ZoomBrowser EX Memory Card Utility]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\ZoomBrowser EX Memory Card Utility\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\ZoomBrowser EX Memory Card Utility]
"InstPath_forUIW"="C:\Program Files\Canon\ImageBrowser EX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Auto Update Service]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Auto Update Service\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Auto Update Service]
"InstPath_forUIW"="C:\Program Files\Canon\Auto Update Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Auto Update Service Shared\Install]
"Update Checker exe path"="C:\Program Files\Canon\Auto Update Service\UpdateChecker.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Auto Update Service Shared\Install]
"Diff Updater exe path"="C:\Program Files\Canon\Auto Update Service\DiffUpdater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Auto Update Service Shared\Install]
"AUWrapper exe path"="C:\Program Files\Canon\Auto Update Service\UpdateInstaller.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindow\CameraWindowDC8]
"InstallPath"="C:\Program Files\Canon\CameraWindowDC8\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindow\CameraWindowLauncher]
"InstallPath"="C:\Program Files\Canon\CameraWindowLauncher\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindow\CameraWindowLauncher]
"InstallExePath"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindow\CameraWindowMC]
"InstallPath"="C:\Program Files\Canon\CameraWindowLauncher\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindow\MovieUploaderForYouTube]
"ExePath"="C:\Program Files\Canon\Movie Uploader for YouTube\MovieUploaderForYouTube.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindow\MovieUploaderForYouTube]
"SupportInfoPath"="C:\Program Files\Canon\Movie Uploader for YouTube\SupportInfo.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowDC8]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDC8\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowDC8]
"InstPath_forUIW"="C:\Program Files\Canon\CameraWindowDC8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowDC8 Shared]
"ExePath"="C:\Program Files\Canon\CameraWindowDC8\CameraWindowDC8.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowDVC6]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDVC6\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowDVC6]
"InstPath_forUIW"="C:\Program Files\Canon\CameraWindowLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowLauncher]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowLauncher\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\CameraWindowLauncher]
"InstPath_forUIW"="C:\Program Files\Canon\CameraWindowLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Canon MOV Decoder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Canon MOV Decoder]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Canon MOV Decoder\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Canon MOV Decoder]
"InstPath_forUIW"="C:\Program Files\Canon\Canon MOV Decoder\1111"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Canon MOV Encoder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Canon MOV Encoder]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Canon MOV Encoder\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Canon MOV Encoder]
"InstPath_forUIW"="C:\Program Files\Canon\Canon MOV Encoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX\PrintEditEmail Task\Color Management]
"AdobeRGBPath"="C:\Program Files\Canon\ImageBrowser EX\AdobeRGB1998.icc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX\PrintEditEmail Task\Color Management]
"sRGBPath"="C:\Program Files\Canon\ImageBrowser EX\sRGB Color Space Profile.icm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX\PrintEditEmail Task\Install]
"ZBTask.exe Path"="C:\Program Files\Canon\ImageBrowser EX\ZBTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\Install]
"ExePath"="C:\Program Files\Canon\ImageBrowser EX\ImageBrowserEX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\Install]
"PreIBXuninstallerPath"="C:\Program Files\Canon\ImageBrowser EX\PreIBXuist.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\camera_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\camera_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\camera_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\camera_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\camera_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera\{2A788E50-8D9A-4a2a-BA96-31173D35D2E1}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\MCULauncher_UL.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera\{303649CD-1DBE-4374-BD53-CB6839E0C08D}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\MCULauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Camera\{E69C7D4D-62B4-4b5e-8B65-CD58FCA19C0F}]
"AppPath"="C:\Program Files\Canon\CameraWindowDC8\..\CameraWindowLauncher\CameraLauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\CIG_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\CIG_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\CIG_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\CIG_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\CIG_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG]
"ButtonName"="CANON iMAGE\r\nGATEWAY"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG\{2F7C465A-F217-4e84-8973-5C6F7F10060C}]
"AppPath"="C:\Program Files\Canon\Uploader for CANON iMAGE GATEWAY\UploaderForCiG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG\{3A8A07F7-4D2C-4a9e-801B-E374CBE1F6EC}]
"AppPath"="C:\Program Files\Canon\Uploader for CANON iMAGE GATEWAY\UploaderForCiG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\CiG\{7F2E990F-BFFE-47f7-B246-DE1373E5316F}]
"AppPath"="C:\Program Files\Canon\Uploader for CANON iMAGE GATEWAY\UploaderForCiG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\edit_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\edit_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\edit_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\edit_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\edit_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{110AC930-498E-466f-AFFF-9BF6B78A7076}]
"AppPath"="C:\Program Files\Canon\PhotoStitch\Stitch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{1A4A9456-D8AD-4ff3-AAD1-54F5B3BF5C04}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\RedEyeCorrectionTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{73E7E4D1-933F-4dae-82C6-B36772FBD60F}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\AutoAdjustmentTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{8F06BE04-768A-429b-BF60-86E36292710B}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\ColorBrightnessAdjustmentTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{97BBCDF3-761E-4752-9155-7045EB8CF002}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\TrimmingTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{C907605D-7705-46b0-930D-BF52FDACB01A}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\MovieEditTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{CA897BDE-882F-43e8-AD36-0328C9086451}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\InsertTextTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{E4BCA265-633F-42a8-B31C-638600F92CFE}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\SharpnessTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Edit\{F8D9B793-52F8-4e9d-9F09-66B0B199C290}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\MovieFrameTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Map]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\map_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Map]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\map_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Map]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\map_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Map]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\map_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Map]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\map_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Map\{B550F966-F071-4043-8777-2D8E96BD3453}]
"AppPath"="C:\Program Files\Canon\MapUtility\MapUtility.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\print_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\print_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\print_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\print_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\print_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print\{0F80AC36-B2E0-4aeb-ACD6-40156C863ACB}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\IndexPrintTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Print\{55888719-7FE5-4a68-9938-8332854FA540}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\OnePagePrintTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\share_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\share_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\share_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\share_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\share_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{A9F587FD-133A-41cd-9EB6-47A60B5E92F3}]
"AppPath"="C:\Program Files\Canon\Movie Uploader for YouTube\MovieUploaderForYouTube.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{B67AE357-4F5B-4142-B4D5-D5F96C7205C4}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\SendEmailTask.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F3C1A7E7-9CC2-49e6-96F3-FBE9F15FB32F}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\UploaderForFacebook.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F3C1A7E7-9CC2-49e6-96F3-FBE9F15FB32F}]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F3C1A7E7-9CC2-49e6-96F3-FBE9F15FB32F}]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F3C1A7E7-9CC2-49e6-96F3-FBE9F15FB32F}]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F3C1A7E7-9CC2-49e6-96F3-FBE9F15FB32F}]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F3C1A7E7-9CC2-49e6-96F3-FBE9F15FB32F}]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F79A0301-19CE-4916-B526-CA14FD975424}]
"AppPath"="C:\Program Files\Canon\ImageBrowser EX\UploaderForFacebook.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F79A0301-19CE-4916-B526-CA14FD975424}]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F79A0301-19CE-4916-B526-CA14FD975424}]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F79A0301-19CE-4916-B526-CA14FD975424}]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F79A0301-19CE-4916-B526-CA14FD975424}]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Share\{F79A0301-19CE-4916-B526-CA14FD975424}]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\fb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Slideshow]
"IconPathN"="C:\Program Files\Canon\ImageBrowser EX\slideshow_N.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Slideshow]
"IconPathO"="C:\Program Files\Canon\ImageBrowser EX\slideshow_O.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Slideshow]
"IconPathC"="C:\Program Files\Canon\ImageBrowser EX\slideshow_C.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Slideshow]
"IconPathH"="C:\Program Files\Canon\ImageBrowser EX\slideshow_H.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea\Slideshow]
"IconPathG"="C:\Program Files\Canon\ImageBrowser EX\slideshow_G.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ImageBrowser EX Shared\LauncherButtonArea_ImageBrowserEXGuide]
"ImageBrowserEXGuide"="C:\Program Files\Canon\ImageBrowser EX\Canon_IBX_E.pdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility]
"InstallPath"="C:\Program Files\Canon\MapUtility\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\MapUtility\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility]
"InstPath_forUIW"="C:\Program Files\Canon\MapUtility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility Shared]
"ExePath"="C:\Program Files\Canon\MapUtility\MapUtility.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility Shared]
"InstallPath"="C:\Program Files\Canon\MapUtility\MapUtility.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility Shared]
"ImporterExePath"="C:\Program Files\Canon\MapUtility\GpsLogFileImporter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MovieUploaderForYouTube]
"InstallPath"="C:\Program Files\Canon\Movie Uploader for YouTube\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MovieUploaderForYouTube]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\MovieUploaderForYouTube\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MovieUploaderForYouTube]
"InstPath_forUIW"="C:\Program Files\Canon\Movie Uploader for YouTube"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MovieUploaderForYouTube Shared]
"ExePath"="C:\Program Files\Canon\Movie Uploader for YouTube\MovieUploaderForYouTube.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MovieUploaderForYouTube Shared]
"SupportInfoPath"="C:\Program Files\Canon\Movie Uploader for YouTube\SupportInfo.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\PhotoStitch]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\PhotoStitch\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\PhotoStitch]
"InstPath_forUIW"="C:\Program Files\Canon\PhotoStitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\Uploader for CANON iMAGE GATEWAY]
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\UploaderForFacebook]
"InstallPath"="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ZoomBrowser EX Memory Card Utility]
"MCUPath"="C:\Program Files\Canon\ImageBrowser EX\MCULauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ZoomBrowser EX Memory Card Utility]
"MCUULPath"="C:\Program Files\Canon\ImageBrowser EX\MCULauncher_UL.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ZoomBrowser EX Memory Card Utility]
"InstLog_forUIW"="C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\ZoomBrowser EX Memory Card Utility\Uninst.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\ZoomBrowser EX Memory Card Utility]
"InstPath_forUIW"="C:\Program Files\Canon\ImageBrowser EX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{0BF4EAFC-9308-4E49-955C-519039709EA3}]
"FriendlyName"="Canon Mp4 File Parser Filter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{0CD5E78B-7D33-4F26-AAAC-ECC57AAE5102}]
"FriendlyName"="Canon Custom Resizer SaveMode"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{126FA7D9-572E-467D-8103-76455CC01A35}]
"FriendlyName"="Canon Motion-JPEG Decoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{43930096-2A9C-4125-916A-3E34F6A2357F}]
"FriendlyName"="Canon Resizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{442D8A41-3935-474F-B8ED-E5EE1EDB0D35}]
"FriendlyName"="Canon MDP Motion-JPEG Decoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{4D9F3406-535E-42B0-96B7-3FD914DC4D68}]
"FriendlyName"="Canon Mov File Parser Filter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{50E1E441-A173-4D26-990B-6419A4F25E77}]
"FriendlyName"="Canon Text Source Filter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{66F4AD44-3DE0-4086-88FA-EAA53351D9D0}]
"FriendlyName"="Canon WAV Dest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{8717B86D-7812-4C24-8321-A279B6F5AC91}]
"FriendlyName"="Canon AAC Dec Wrapper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{88BF3C2B-D712-41C2-841D-3258B0591360}]
"FriendlyName"="Canon Image Rotation Filter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{90704251-0BE8-4FA9-B5B6-AFA1188E7C43}]
"FriendlyName"="Canon Actual Data Length Setter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{9ECD9CD7-84B1-44AE-BCFE-C7FD93228F7F}]
"FriendlyName"="Canon Mov File Parser Filter2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{9FEB4341-3348-4C2E-9484-6340C4D5FCD8}]
"FriendlyName"="Canon Motion-JPEG Encoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{B7215EE3-AF54-433F-9D2F-2264916984F6}]
"FriendlyName"="Canon H.264 Decode Filter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{C894C63B-292B-4A2A-B5E1-75AC3D68FB03}]
"FriendlyName"="Canon H.264 Encoder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect]
""="Canon MovieEdit Task Effect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect\CurVer]
""="DXImageTransform.Canon.CanonMETEffect.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect.1]
""="Canon MovieEdit Task Effect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F048854A-3E3F-4EFE-9B55-5A91650ED84B}]
""="ICanonMETTFX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1684D9F0-D4F9-444B-918D-9D4E2566BB0E}\1.0\0\win32]
""="C:\Program Files\Canon\CameraWindowLauncher\CamerawindowCommand.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1684D9F0-D4F9-444B-918D-9D4E2566BB0E}\1.0\HELPDIR]
""="C:\Program Files\Canon\CameraWindowLauncher\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{435C76F9-D1BC-4CA9-B37F-DADCBF66C111}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCADmd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{435C76F9-D1BC-4CA9-B37F-DADCBF66C111}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4B23C663-C8A4-4A19-BDD0-50CFE538296C}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCADmv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4B23C663-C8A4-4A19-BDD0-50CFE538296C}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6EAB2C93-1189-4CDC-B9AB-09F62C8727D5}\1.1\0\win32]
""="C:\Program Files\Canon\MDP\MDP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6EAB2C93-1189-4CDC-B9AB-09F62C8727D5}\1.1\HELPDIR]
""="C:\Program Files\Canon\MDP\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7FF194D9-FBBC-4946-86DF-149CA10456AE}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCACore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7FF194D9-FBBC-4946-86DF-149CA10456AE}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{93D9978A-EF61-4D41-AC95-5EAEC1DBA772}\1.0]
""="Canon MovieEdit Task Effects Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{93D9978A-EF61-4D41-AC95-5EAEC1DBA772}\1.0\0\win32]
""="C:\Program Files\Canon\MDL40\CanonMETTFX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{93D9978A-EF61-4D41-AC95-5EAEC1DBA772}\1.0\HELPDIR]
""="C:\Program Files\Canon\MDL40\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7B83846-828D-4144-9EC3-5243359C489B}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCA_ZBUI_TaskView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7B83846-828D-4144-9EC3-5243359C489B}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B1D24F49-75B9-4501-8E73-70269536873C}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCACoreManagers.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B1D24F49-75B9-4501-8E73-70269536873C}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5E4BD2B-A783-4E1E-A3DF-F5FD9C4ADAA6}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCA_zb_ui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5E4BD2B-A783-4E1E-A3DF-F5FD9C4ADAA6}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6D48B2C-8804-4B06-8148-6C0D385BC535}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCADmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6D48B2C-8804-4B06-8148-6C0D385BC535}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC56C823-8B7F-46F1-9B93-77A402E0D90D}\1.0\0\win32]
""="C:\Program Files\Canon\ImageBrowser EX\TCAUI_Commands.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC56C823-8B7F-46F1-9B93-77A402E0D90D}\1.0\HELPDIR]
""="C:\Program Files\Canon\ImageBrowser EX\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk]
"command"="C:\PROGRA~1\Canon\IMAGEB~1\MFMANA~1.EXE "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival]
"CanonZB4PicturesOnArrival"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\CanonZB4PicturesOnArrival]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\CanonZB4PicturesOnArrival]
"DefaultIcon"="C:\Program Files\Canon\ImageBrowser EX\MCULauncher.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\CanonZB4PicturesOnArrival]
"Provider"="Canon ImageBrowser EX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications]
"Canon CameraWindow"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe /StiDevice:%1 /StiEvent:%2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications]
"Canon CameraWindow"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe /StiDevice:%1 /StiEvent:%2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraUserGuide-PSA3500IS]
"DisplayName"="Canon PowerShot A3500 IS Camera User Guide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraUserGuide-PSA3500IS]
"DisplayIcon"="C:\Program Files\Canon\CameraUserGuide\GUIDE.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraUserGuide-PSA3500IS]
"InstallLocation"="C:\Program Files\Canon\CameraUserGuide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraUserGuide-PSA3500IS]
"Publisher"="Canon Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraUserGuide-PSA3500IS]
"UninstallString"=""C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" "C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraUserGuide-PSA3500IS\uninstall.xml""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC]
"DisplayName"="Canon Utilities CameraWindow DC 8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC]
"DisplayIcon"="C:\Program Files\Canon\CameraWindowDC8\CameraWindowDC8.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC]
"InstallLocation"="C:\Program Files\Canon\CameraWindowDC8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC]
"Publisher"="Canon Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC]
"UninstallString"=""C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" "C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDC\uninstall.xml""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageBrowser EX]
"DisplayName"="Canon Utilities ImageBrowser EX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageBrowser EX]
"DisplayIcon"="C:\Program Files\Canon\ImageBrowser EX\ImageBrowserEX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageBrowser EX]
"InstallLocation"="C:\Program Files\Canon\ImageBrowser EX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageBrowser EX]
"Publisher"="Canon Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageBrowser EX]
"UninstallString"=""C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" "C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\ImageBrowser EX\uninstall.xml""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"DisplayName"="Canon Utilities PhotoStitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"DisplayIcon"="C:\Program Files\Canon\PhotoStitch\Stitch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"InstallLocation"="C:\Program Files\Canon\PhotoStitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"Publisher"="Canon Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"UninstallString"=""C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" "C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\PhotoStitch\uninstall.xml""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0001]
"DriverDesc"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0001]
"FriendlyName"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"DriverDesc"="Canon PowerShot A3500 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"FriendlyName"="Canon PowerShot A3500 IS #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Name"="Canon CameraWindow"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Desc"="Downloads Images From Canon Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Cmdline"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe /StiDevice:%1 /StiEvent:%2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
"LocationInformation"="Canon Digital Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
"FriendlyName"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
"LocationInformation"="Canon Digital Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
"FriendlyName"="Canon PowerShot A3500 IS #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0001]
"DriverDesc"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0001]
"FriendlyName"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"DriverDesc"="Canon PowerShot A3500 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"FriendlyName"="Canon PowerShot A3500 IS #2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Name"="Canon CameraWindow"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Desc"="Downloads Images From Canon Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Cmdline"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe /StiDevice:%1 /StiEvent:%2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
"LocationInformation"="Canon Digital Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
"FriendlyName"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
"LocationInformation"="Canon Digital Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
"FriendlyName"="Canon PowerShot A3500 IS #2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0001]
"DriverDesc"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0001]
"FriendlyName"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"DriverDesc"="Canon PowerShot A3500 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"FriendlyName"="Canon PowerShot A3500 IS #2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Name"="Canon CameraWindow"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Desc"="Downloads Images From Canon Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
"Cmdline"="C:\Program Files\Canon\CameraWindowLauncher\CameraLauncher.exe /StiDevice:%1 /StiEvent:%2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
"LocationInformation"="Canon Digital Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
"FriendlyName"="Canon PowerShot SD1400 IS"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
"LocationInformation"="Canon Digital Camera"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
"FriendlyName"="Canon PowerShot A3500 IS #2"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ia-scanonline.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\protectwinscanonline.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Canon"
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Canon Utilities]
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe"="Universal Installer Windows"
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}]
"NonCanonicalData"=""
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}]
"NonCanonicalData"=""
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{3f471841-eef2-47d6-89c0-d028f03a4ad5}]
"NonCanonicalData"=""
[HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}]
"NonCanonicalData"=""
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ia-scanonline.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\protectwinscanonline.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]

====== End Of Search ======


----------



## cherdon (Feb 10, 2009)

Just to let you know, I just double clicked on my Outlook Express to see if I had any new messages from you and since double clicking the first time didn't bring it up nor did it show hourglass, I did it a second time and counted to see how long it took to come up and it was 66 seconds which isn't right..it used to come up immediately.


----------



## BrianDrab (Oct 22, 2014)

No problem, I'll do my best to resolve all issues. Let's start with the following. Let me know when you have completed.

Step#1 - Clear Application & System Event Logs
1. *Click* your Start button.
2. *Right-click* on My Computer and *select* Manage.
3. Computer Management will open. *Expand* the Event Viewer and *click* on Application.
4. *Right-click* on Application and select *Clear all Events*.
5. When asked if you wish to save before clearing, please *click* No.
6. Repeat steps 3-5 for the System log.
7. *Close* the Computer Management window.


----------



## cherdon (Feb 10, 2009)

My computer is not listed off my start menu..I assume I can right click off desktop one?


----------



## cherdon (Feb 10, 2009)

Step #1 has been completed


----------



## BrianDrab (Oct 22, 2014)

OK, now let's check the disk to ensure it's in good condition.

Step#1 - ChkDsk Scan
1. Click your Start button and choose Run.
2. Type *cmd* in the Run box and hit enter on the keyboard.
3. You should now have a black window open that you can type into.
4. Please type *chkdsk /R* and then press enter.
5. You may get a message that says the volume is locked and that you need to reboot for this to work. Type Y on your keyboard and then reboot your computer.
Note: This may take a while to run. Let it finish.
6. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.
7. Double-click this file and a text file will open (and also be saved on the desktop as ListChkdskResult.txt). *Please copy the contents of this file and paste into your next post.*


----------



## cherdon (Feb 10, 2009)

chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts Y or N

I did type Y and is now rebooting


----------



## BrianDrab (Oct 22, 2014)

Good. That's all expected. When you reboot your machine the chkdsk will run.


----------



## cherdon (Feb 10, 2009)

chkdsk is finally done...wow that sure takes hours


----------



## cherdon (Feb 10, 2009)

I wasn't able to save ListChkdskResult.exe to my desktop because when I clicked on it, it went right to chrome downloads and the only option was for me to click run or cancel, so I clicked run and this appeared on my desktop

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 1/29/2015 6:13:21 PM >------
Category: 0
Computer Name: CHERYL-A778CF1B
Event Code: 1001
Record Number: 1
Source Name: Winlogon
Time Written: 01-29-2015 @ 18:05:38
Event Type: information
User: 
Message: Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 33 unused index entries from index $SII of file 0x9.
Cleaning up 33 unused index entries from index $SDH of file 0x9.
Cleaning up 33 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

312560608 KB total disk space.
53465208 KB in 127075 files.
50696 KB in 7982 indexes.
0 KB in bad sectors.
528148 KB in use by the system.
65536 KB occupied by the log file.
258516556 KB available on disk.

4096 bytes in each allocation unit.
78140152 total allocation units on disk.
64629139 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


----------



## BrianDrab (Oct 22, 2014)

Perfect, thanks. If you want to change the default location of your Chrome downloads to go to your desktop you can do the following to make things easier.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose *Settings*. At the bottom of the screen, click the "*Show advanced settings...*" link. Scroll down to find the Downloads section and click the *Change...* button. Select your desktop and click OK.

OK, let's remove the Canon software now. Please do the following and let me know when done.
Step#1 - Registry Cleanup - Canon
Note: This registry fix is specific to this machine only. It should not be applied to any other machine.

1. Download this file to your Desktop.
2. *Double-click *on the downloaded file which should be named regfix.reg.
3. You will get a message box asking if you are sure you want to do this. Please click *Yes*.
4. If all goes well you will get another message that says this was successful. Please click *OK*.
5. Verify that the Canon software is gone from Add/Remove programs and let me know.


----------
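
A pre-merge scope check for a deletion-only .reg file like the one in the steps above, as an added example that is not part of the original post or the helper's tooling: it compares each `[-key]` line with the keys where the registry search actually found the term and labels the deletion. The sample inputs are constructed from a handful of lines on this page; the function names, the verdict labels and the search term `canon` are assumptions.

```python
import re

# Assumed search term: the results on this page all contain "canon".
SEARCH_TERM = "canon"

# Constructed sample: a few hits taken from the search log on this page.
SEARCH_HITS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC\MapUtility]
"InstPath_forUIW"="C:\Program Files\Canon\MapUtility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{126FA7D9-572E-467D-8103-76455CC01A35}]
"FriendlyName"="Canon Motion-JPEG Decoder"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0004]
"DriverDesc"="Canon PowerShot A3500 IS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"DisplayName"="Canon Utilities PhotoStitch"
"""

# Constructed sample: a few deletion lines taken from the .reg file on this page.
REG_FIX = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Phot oStitch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
"""

# Matches "[HKEY_...]" and "[-HKEY_...]"; group 1 is the deletion marker.
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]\s*$")


def parse_keys(text):
    """Yield (is_deletion, key_path) for every [key] or [-key] line."""
    for line in text.splitlines():
        match = KEY_LINE.match(line.strip())
        if match:
            yield match.group(1) == "-", match.group(2).rstrip("\\")


def audit(reg_fix, search_hits, term):
    """Label every whole-key deletion in reg_fix against the search hits.

    exact          - the deleted key is itself a key where the term was found
    vendor-subtree - parent of hit keys, and the parent's own path holds the term
    broad-parent   - parent of hit keys, but nothing in its own path holds the
                     term, so sibling subkeys outside the search results go too
    no-evidence    - no hit at or below this key (for example a mangled path)
    """
    term = term.lower()
    hits = {key.lower() for _, key in parse_keys(search_hits)}
    report = []
    for is_deletion, key in parse_keys(reg_fix):
        if not is_deletion:
            continue  # "name"=- lines remove one value, not a subtree
        k = key.lower()
        if k in hits:
            verdict = "exact"
        elif any(h.startswith(k + "\\") for h in hits):
            verdict = "vendor-subtree" if term in k else "broad-parent"
        else:
            verdict = "no-evidence"
        report.append((key, verdict))
    return report


if __name__ == "__main__":
    for key, verdict in audit(REG_FIX, SEARCH_HITS, SEARCH_TERM):
        print(f"{verdict:15} {key}")
```

A `[-key]` line removes the key with every subkey beneath it, so a `broad-parent` verdict is the one to look at before merging the file.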



## cherdon (Feb 10, 2009)

Changed download settings in chrome to desktop..tks a bunch

Now when I double-click on file you told me to download to desktop, this is what comes up automatically

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Canon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Canon_Inc_IC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DXImageTransform.Canon.CanonMETEffect.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F048854A-3E3F-4EFE-9B55-5A91650ED84B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1684D9F0-D4F9-444B-918D-9D4E2566BB0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{435C76F9-D1BC-4CA9-B37F-DADCBF66C111}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4B23C663-C8A4-4A19-BDD0-50CFE538296C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6EAB2C93-1189-4CDC-B9AB-09F62C8727D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7FF194D9-FBBC-4946-86DF-149CA10456AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{93D9978A-EF61-4D41-AC95-5EAEC1DBA772}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7B83846-828D-4144-9EC3-5243359C489B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B1D24F49-75B9-4501-8E73-70269536873C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5E4BD2B-A783-4E1E-A3DF-F5FD9C4ADAA6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6D48B2C-8804-4B06-8148-6C0D385BC535}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC56C823-8B7F-46F1-9B93-77A402E0D90D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Autop layHandlers\EventHandlers\ShowPicturesOnArrival]
"CanonZB4PicturesOnArrival"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival]
"CanonZB4PicturesOnArrival"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Autop layHandlers\Handlers\CanonZB4PicturesOnArrival]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\CanonZB4PicturesOnArrival]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Reg istered Applications]
"Canon CameraWindow"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications]
"Canon CameraWindow"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Came raUserGuide-PSA3500IS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraUserGuide-PSA3500IS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Came raWindowDC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imag eBrowser EX]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImageBrowser EX]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Events\STIProxyEvent\{F33544BA-EAF0-416C-9B41-9A30850902C8}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_04a9&Pid_31f3\7583094790A7459AB10854231FC288C6]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_04a9&Pid_3261\188BF52FD120472F811835FBE30AF0F7]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ia-scanonline.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\protectwinscanonline.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]
[-HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Canon Utilities]
[-HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[-HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ia-scanonline.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\protectwinscanonline.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ia-scanonline.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\protectwinscanonline.com]


----------



## BrianDrab (Oct 22, 2014)

I see. You should be able to *Right-Click* on the link and select *Save Link As*... and then save to your desktop. Then once it's on your desktop you can double-click it.


----------



## cherdon (Feb 10, 2009)

You're not going to believe this. I just changed downloads in Chrome to go to my desktop. Well, when I right-clicked on your link and clicked on Save Link As, at the bottom in the file name box it actually said regfix, but yet on my desktop it's named unconfirmed 284717.crdownload (if I click on it, it says this program doesn't have a file associated with it). Then it reverts over to Chrome downloads again and once again another error:

regfix.reg
Download error
https://dl.dropboxusercontent.com/u/6063925/GeeksToGo/Logs/1139638/regfix.reg
Remove from list


----------



## cherdon (Feb 10, 2009)

Checked add/remove..all 4 Canon programs are GONE...hooray


----------



## BrianDrab (Oct 22, 2014)

> it's named unconfirmed 284717.crdownload


That just means it didn't fully download. Try it again. As you mentioned you sometimes have to do it two or three times before it downloads correctly. The file has to be regfix.reg when it is complete. Then you can double-click on it.

No need to look in Add/Remove programs until you can run the fix.


----------



## cherdon (Feb 10, 2009)

You must have missed reading my post above yours..I did download again and run the fix. It worked..Canon is bye bye


----------



## BrianDrab (Oct 22, 2014)

Ahhh..yes I missed the *hooray*. Now that the registry is cleaned up with regards to the Canon stuff we need to clean up the file system now. Please do the following.

Step#1 - File Identification
1. Run *FRST.exe* by *Double-Clicking* on the file.
2. Type the word Canon into the *Search box* of the FRST window.
3. Click the *Search Files* button.
4. When the search is done it will open a notepad window with the results. Can you copy/paste the contents of this window into your next post?


----------



## cherdon (Feb 10, 2009)

Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-29 19:53:29
Running from C:\Documents and Settings\Cheryl\Desktop
Boot Mode: Normal

================== Search: "Canon" ===================

=== End Of Search ===

Just taking a 10 min break


----------



## BrianDrab (Oct 22, 2014)

Awesome. Now do the exact same thing but this time type in \*Canon\* for the search term. That's an asterisk before and after the word Canon. Thanks.


----------



## cherdon (Feb 10, 2009)

Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-29 20:09:02
Running from C:\Documents and Settings\Cheryl\Desktop
Boot Mode: Normal

================== Search: "*Canon*" ===================

C:\Documents and Settings\Cheryl\Application Data\Canon_Inc_IC\ServiceLog\AutoUpdateService\Canon_ACT_SERVICELOG_20131229093215.txt
[2013-12-29 09:32][2013-12-29 09:32] 0798693 ____A () d4a50b89529f552e21b9ec244f2c87d7

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20131229092250.TXT
[2013-12-29 09:22][2013-12-29 09:34] 0163111 ____A () feb4d459fa766a02dbcfee5318378bbc

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150123204053.TXT
[2015-01-23 20:40][2015-01-23 20:40] 0001937 ____A () 621af1b87b67e0c0638c92b34a5362b5

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150123204104.TXT
[2015-01-23 20:41][2015-01-23 20:41] 0011190 ____A () 7ae54d6b0fd5c734476bbd314b8a12b2

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150123204124.TXT
[2015-01-23 20:41][2015-01-23 20:43] 0075743 ____A () f0c0655cc1bb4574b9f4c807badb0c75

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150123204315.TXT
[2015-01-23 20:43][2015-01-23 20:43] 0006076 ____A () d21e8275140a18e3ecf59eec8d45ae59

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126161134.TXT
[2015-01-26 16:11][2015-01-26 16:11] 0000154 ____A () 73629235ebfa2fc1ba5b3b07022ebb55

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126161142.TXT
[2015-01-26 16:11][2015-01-26 16:11] 0000154 ____A () f712dbd40bd773048a859ffb2b67fbce

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126161146.TXT
[2015-01-26 16:11][2015-01-26 16:11] 0000154 ____A () 71d51d5c65f57dc250aebbdfd4834669

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126161155.TXT
[2015-01-26 16:11][2015-01-26 16:11] 0000154 ____A () 33f53c5e66974edc2b896edea8b0f0f0

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126161622.TXT
[2015-01-26 16:16][2015-01-26 16:16] 0000154 ____A () bd8a5e7ede2162700416783d3acff010

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126234036.TXT
[2015-01-26 23:40][2015-01-26 23:40] 0000154 ____A () fad68ccd62aa3fa13c087d62b04ff9e5

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150126234054.TXT
[2015-01-26 23:40][2015-01-26 23:40] 0000154 ____A () 79893c76179dff6b71581b68f26a1ff5

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150127144554.TXT
[2015-01-27 14:45][2015-01-27 14:45] 0000154 ____A () 54d115ab25d0427c37d3c4581b6da23b

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150127144703.TXT
[2015-01-27 14:47][2015-01-27 14:47] 0000154 ____A () 2590ca2ef9a89b9309e422af91a1c77a

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150129110858.TXT
[2015-01-29 11:08][2015-01-29 11:09] 0000154 ____A () 961ba584f2f6445c68893dc4b72cc416

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150129111210.TXT
[2015-01-29 11:12][2015-01-29 11:12] 0000154 ____A () b1522390baca44e8c9b0539fb02d0446

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150129111243.TXT
[2015-01-29 11:12][2015-01-29 11:12] 0000154 ____A () 07e8bc65d1f00bb1b16ef2c671978d77

C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC\UniversalInstaller\ServiceLog\CANON_UIX_SERVICELOG_20150129111258.TXT
[2015-01-29 11:12][2015-01-29 11:12] 0000154 ____A () 08d71793047601176b1bd56e2b5f8db8

=== End Of Search ===


----------



## BrianDrab (Oct 22, 2014)

Good job. While I'm preparing that fix please do the following.

Step#1 - Mini Toolbox
1. Please download MiniToolBox, save it to your *desktop* and run it.
2. Ensure your internet browsers are *closed*.
3. Click the "*Select All*" checkbox at the top of the form.
4. Click the *Go* button.
5. Notepad will open with the log once it completes. *Post the result* (Result.txt). A copy of *Result.txt* will be saved in the same directory the tool is run.


----------



## cherdon (Feb 10, 2009)

MiniToolBox by Farbar Version: 30-11-2014
Ran by Cheryl (administrator) on 29-01-2015 at 20:14:23
Running from "C:\Documents and Settings\Cheryl\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC = Local Area Connection (Connected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : cheryl-a778cf1b

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-25-22-18-87-FE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 24.226.1.93

24.226.10.193

Lease Obtained. . . . . . . . . . : Thursday, January 29, 2015 8:05:39 PM

Lease Expires . . . . . . . . . . : Thursday, January 29, 2015 9:05:39 PM

Server: ns3.cgocable.net
Address: 24.226.1.93

Name: google.com
Addresses: 173.194.43.73, 173.194.43.65, 173.194.43.72, 173.194.43.70
173.194.43.66, 173.194.43.78, 173.194.43.67, 173.194.43.68, 173.194.43.64
173.194.43.71, 173.194.43.69

Pinging google.com [173.194.43.67] with 32 bytes of data:

Reply from 173.194.43.67: bytes=32 time=14ms TTL=57

Reply from 173.194.43.67: bytes=32 time=24ms TTL=57

Ping statistics for 173.194.43.67:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 24ms, Average = 19ms

Server: ns3.cgocable.net
Address: 24.226.1.93

Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=108ms TTL=46

Reply from 98.138.253.109: bytes=32 time=98ms TTL=46

Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 98ms, Maximum = 108ms, Average = 103ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 25 22 18 87 fe ...... Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 20
192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 20
224.0.0.0 240.0.0.0 192.168.0.4 192.168.0.4 20
255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (01/29/2015 06:18:10 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3DVIA player 5.0.0.20 (HKLM\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C510 (Version: 140.0.344.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Destinations (Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart eStn C510 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{EEEA9020-FCB0-4E35-82B9-D0994EF267B0}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
LeapFrog Connect (Version: 4.2.13.16151 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PokerStars.net (HKLM\...\PokerStars.net) (Version: - PokerStars.net)
PS_AIO_07_C510_SW_Min (Version: 140.0.344.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5730 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

========================= Devices: ================================

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 2038.23 MB
Available physical RAM: 1510.41 MB
Total Pagefile: 3934.63 MB
Available Pagefile: 3565.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:246.42 GB) NTFS

========================= Users: ========================================

User accounts for \\CHERYL-A778CF1B

Administrator Cheryl Guest 
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini012715-01.dmp
========================= Restore Points ==================================

01-11-2014 03:53:25 System Checkpoint
02-11-2014 04:16:19 System Checkpoint
02-11-2014 11:19:49 Removed AVG 2015
03-11-2014 13:40:52 Removed AVG 2015
03-11-2014 13:43:01 Removed AVG 2015
04-11-2014 17:40:40 System Checkpoint
05-11-2014 17:52:23 System Checkpoint
06-11-2014 17:59:04 System Checkpoint
07-11-2014 18:25:43 System Checkpoint
08-11-2014 19:00:18 System Checkpoint
09-11-2014 19:03:00 System Checkpoint
10-11-2014 20:07:08 System Checkpoint
11-11-2014 20:51:19 System Checkpoint
12-11-2014 20:54:04 System Checkpoint
13-11-2014 08:00:25 Software Distribution Service 3.0
14-11-2014 14:53:38 System Checkpoint
15-11-2014 15:11:40 System Checkpoint
16-11-2014 15:22:18 System Checkpoint
17-11-2014 16:58:31 System Checkpoint
18-11-2014 17:14:32 System Checkpoint
19-11-2014 18:44:15 System Checkpoint
20-11-2014 11:43:36 Removed Google Earth.
21-11-2014 13:27:50 System Checkpoint
22-11-2014 14:23:36 System Checkpoint
23-11-2014 15:39:24 System Checkpoint
24-11-2014 16:34:19 System Checkpoint
25-11-2014 16:56:21 System Checkpoint
26-11-2014 16:58:24 System Checkpoint
27-11-2014 17:35:33 System Checkpoint
28-11-2014 20:07:32 System Checkpoint
29-11-2014 21:22:19 System Checkpoint
30-11-2014 21:30:00 System Checkpoint
01-12-2014 21:52:27 System Checkpoint
02-12-2014 22:38:27 System Checkpoint
04-12-2014 01:57:06 System Checkpoint
05-12-2014 04:59:52 System Checkpoint
06-12-2014 16:58:03 System Checkpoint
07-12-2014 17:40:34 System Checkpoint
08-12-2014 18:03:32 System Checkpoint
09-12-2014 19:52:29 System Checkpoint
10-12-2014 20:36:53 System Checkpoint
11-12-2014 10:08:52 Software Distribution Service 3.0
12-12-2014 14:10:27 System Checkpoint
13-12-2014 14:33:01 System Checkpoint
14-12-2014 15:57:56 System Checkpoint
14-12-2014 20:59:19 Installed AVG 2015
14-12-2014 21:00:16 Installed AVG 2015
14-12-2014 23:06:43 Installed AVG PC TuneUp 2015
15-12-2014 23:28:45 System Checkpoint
15-12-2014 23:45:43 Removed AVG PC TuneUp 2015
15-12-2014 23:47:53 Removed AVG PC TuneUp 2015 (en-US)
16-12-2014 23:55:57 System Checkpoint
18-12-2014 00:02:55 System Checkpoint
19-12-2014 00:03:49 System Checkpoint
20-12-2014 00:59:32 System Checkpoint
21-12-2014 00:21:47 Installed Windows XP KB942288-v3.
21-12-2014 00:22:32 AA11
21-12-2014 00:26:04 LavasoftWeCompanion
21-12-2014 03:11:53 AA11
21-12-2014 03:26:29 LavasoftWeCompanion
21-12-2014 19:02:18 Removed AVG 2015
21-12-2014 19:04:30 Removed AVG 2015
21-12-2014 19:08:31 Removed Visual Studio 2012 x86 Redistributables
23-12-2014 01:50:04 System Checkpoint
23-12-2014 04:49:21 avast! antivirus system restore point
24-12-2014 17:10:57 System Checkpoint
25-12-2014 17:29:05 System Checkpoint
26-12-2014 17:47:38 System Checkpoint
27-12-2014 18:17:41 System Checkpoint
28-12-2014 18:23:52 System Checkpoint
29-12-2014 18:57:25 System Checkpoint
30-12-2014 18:59:34 System Checkpoint
31-12-2014 21:09:05 System Checkpoint
01-01-2015 21:55:13 System Checkpoint
02-01-2015 21:56:45 System Checkpoint
03-01-2015 22:37:02 System Checkpoint
05-01-2015 13:06:38 System Checkpoint
06-01-2015 13:56:11 System Checkpoint
07-01-2015 15:05:08 System Checkpoint
08-01-2015 03:45:36 Installed Rapport
09-01-2015 04:39:49 System Checkpoint
10-01-2015 13:49:37 System Checkpoint
11-01-2015 12:54:37 Removed iTunes
12-01-2015 13:10:17 System Checkpoint
12-01-2015 17:49:13 Installed Rapport
13-01-2015 18:05:22 System Checkpoint
14-01-2015 12:59:08 Software Distribution Service 3.0
15-01-2015 13:46:09 System Checkpoint
16-01-2015 16:04:24 System Checkpoint
17-01-2015 16:41:25 System Checkpoint
18-01-2015 18:18:23 System Checkpoint
19-01-2015 18:20:35 System Checkpoint
20-01-2015 18:58:25 System Checkpoint
21-01-2015 19:45:05 System Checkpoint
22-01-2015 20:07:36 System Checkpoint
23-01-2015 19:05:35 avast! antivirus system restore point
23-01-2015 19:46:17 avast! antivirus system restore point
24-01-2015 01:49:26 Removed Apple Application Support
24-01-2015 01:51:23 Removed Apple Mobile Device Support
24-01-2015 01:52:14 Removed Apple Software Update
24-01-2015 17:35:55 Removed QuickTime 7
24-01-2015 17:48:39 Installed QuickTime 7
25-01-2015 18:27:33 System Checkpoint
26-01-2015 16:09:23 Restore Operation
26-01-2015 17:58:26 Restore Operation
26-01-2015 19:50:12 avast! antivirus system restore point
26-01-2015 20:11:46 avast! antivirus system restore point
27-01-2015 21:53:09 System Checkpoint
28-01-2015 01:38:54 Restore Point Created by FRST
28-01-2015 05:06:18 Restore Point Created by FRST
29-01-2015 01:40:40 Restore Point Created by FRST
29-01-2015 11:44:49 Restore Point Created by FRST
29-01-2015 12:02:41 Restore Point Created by FRST

**** End of log ****


----------



## BrianDrab (Oct 22, 2014)

You're getting good at this (smile). While I review that log here's the final fix for the Canon cleanup.

Step#1 - FRST Fix
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
1. Download attached file and save it to the *Desktop*.
*Note.* It's important that both files, *FRST* and *fixlist.txt*, are in the same location or the fix will not work (in this case...the desktop).
2. Run *FRST* by *Double-Clicking* on FRST.exe.
3. Press the *Fix* button just once and wait.
4. When finished FRST will generate a log on the Desktop (*Fixlog.txt*). Please post the contents of it in your reply.


----------



## cherdon (Feb 10, 2009)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-29 20:19:20 Run:6
Running from C:\Documents and Settings\Cheryl\Desktop
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Documents and Settings\Cheryl\Application Data\Canon_Inc_IC
C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC

*****************

C:\Documents and Settings\Cheryl\Application Data\Canon_Inc_IC => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC => Moved successfully.

==== End of Fixlog 20:19:20 ====


----------



## BrianDrab (Oct 22, 2014)

Excellent! Now go to Add/Remove programs and remove SUPERAntiSpyware. Its driver is showing an issue. If this is something you wish to use I would suggest you wait until we declare you all clean before re-installing. Let me know how it goes.


----------



## cherdon (Feb 10, 2009)

SUPERAntiSpyware has been removed from add/remove


----------



## BrianDrab (Oct 22, 2014)

That's good.

OK, we need to check for any broken services.

1. Please download *Farbar Service Scanner* to your desktop.
2. Make sure that ALL the options are checked:
3. Press "*Scan*".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.


----------



## cherdon (Feb 10, 2009)

Farbar Service Scanner Version: 17-01-2015
Ran by Cheryl (administrator) on 29-01-2015 at 20:33:30
Running from "C:\Documents and Settings\Cheryl\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(13) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0D0000000500000003000000040000000D0000000C0000000B0000000A000000090000000800000007000000010000000200000006000000
IpSec Tag value is correct.

**** End of log ****
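
A way to triage the Farbar Service Scanner log posted above, added here as an example (it is not part of the thread or of FSS itself): it lists any File Check entry not reported as digitally signed and decodes the Extra List hex blob into a driver load order. It assumes the blob uses the GroupOrderList layout (a little-endian DWORD count followed by that many tag DWORDs); `SAMPLE_LOG` is an excerpt of the post and `ALTERED_LOG` is constructed.

```python
import re
import struct

SIGNED = "File is digitally signed"

# Excerpt of the FSS.txt posted above (lines copied from the post).
SAMPLE_LOG = r"""
File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(13) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0D0000000500000003000000040000000D0000000C0000000B0000000A000000090000000800000007000000010000000200000006000000
IpSec Tag value is correct.

**** End of log ****
"""

# Constructed variant: one status swapped for placeholder text (not real FSS
# wording) to show how a non-matching entry surfaces.
ALTERED_LOG = SAMPLE_LOG.replace(
    "ipsec.sys => " + SIGNED, "ipsec.sys => <constructed non-signed status>")


def parse_sections(log):
    """Split the log into {title: [body lines]}. A section starts at a line
    ending in ':' that is immediately followed by a rule made of '='."""
    lines = log.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        text = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if text.endswith(":") and nxt and set(nxt) == {"="}:
            current = text.rstrip(":").strip()
            sections[current] = []
        elif current and text and set(text) != {"="}:
            sections[current].append(text)
    return sections


def unsigned_files(sections):
    """Return (path, status) for each File Check entry not reported as signed."""
    flagged = []
    for entry in sections.get("File Check", []):
        path, sep, status = entry.partition(" => ")
        if not sep or status.strip() != SIGNED:
            flagged.append((path.strip(), status.strip() or "unparsed line"))
    return flagged


def decode_tag_list(hex_blob):
    """Decode the blob as <count><tag>... (assumed layout, little-endian DWORDs)."""
    digits = hex_blob[2:] if hex_blob.lower().startswith("0x") else hex_blob
    blob = bytes.fromhex(digits)
    if len(blob) < 4 or len(blob) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    count = struct.unpack_from("<I", blob)[0]
    tags = list(struct.unpack_from("<%dI" % (len(blob) // 4 - 1), blob, 4))
    if count != len(tags):
        raise ValueError("count %d does not match %d tags" % (count, len(tags)))
    return tags


def load_order(sections):
    """Order the services named in Extra List by where their tag sits in the
    decoded list; also return services whose tag is absent from the list."""
    services, tags = {}, None
    for line in sections.get("Extra List", []):
        if line.lower().startswith("0x"):
            tags = decode_tag_list(line)
        else:
            for name, tag in re.findall(r"(\w+)\((\d+)\)", line):
                services[name] = int(tag)
    if tags is None:
        return [], sorted(services)
    present = [n for n in services if services[n] in tags]
    missing = sorted(n for n in services if services[n] not in tags)
    return sorted(present, key=lambda n: tags.index(services[n])), missing


def triage(log):
    """Summarise the points a reviewer would read off the log."""
    sections = parse_sections(log)
    order, missing = load_order(sections)
    return {"review_files": unsigned_files(sections),
            "load_order": order,
            "tags_not_in_list": missing}


if __name__ == "__main__":
    for label, log in (("posted excerpt", SAMPLE_LOG), ("constructed", ALTERED_LOG)):
        print(label, triage(log))
```
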


----------



## BrianDrab (Oct 22, 2014)

Perfect. I would like to have you Uninstall Google Chrome from Add/Remove programs and then re-download and install the program. This will hopefully eliminate the final few errors I am seeing.


Before you do though, do you have many bookmarks that you need to keep?


----------



## cherdon (Feb 10, 2009)

I have 9 bookmarks I want to keep. Oh, and would the best way to reinstall Google Chrome be via Internet Explorer or should I google Chrome downloads?


----------



## BrianDrab (Oct 22, 2014)

OK, in my experience, uninstalling and re-installing Chrome doesn't get rid of your bookmarks but I like to make a backup just the same.

*Export bookmarks from Chrome*


In the top-right corner of the browser window, click the Chrome menu.
Select *Bookmarks* > *Bookmark Manager*.
Click the "Organize" menu in the manager.
Select *Export bookmarks* and save the .html file to your desktop.

Then go ahead and remove Google Chrome from Add/Remove programs. When you do this you will be asked if you wish to remove Browsing data. Don't.

After it's uninstalled, go back to http://www.google.com/chrome and download/install your browser. Verify your bookmarks are there.


----------



## cherdon (Feb 10, 2009)

Exported bookmarks
Removed Chrome from add/remove...did not put a check next to browsing data
Clicked on your link to reinstall and of course it didn't work once again..before when I used to uninstall and reinstall, it would come right up no problem..here's the error I got >>> Cannot continue. The application is improperly formatted. Contact the application vendor for assistance. 
PLATFORM VERSION INFO
Windows : 5.1.2600.196608 (Win32NT)
Common Language Runtime : 2.0.50727.3655
System.Deployment.dll : 2.0.50727.3053 (netfxsp.050727-3000)
mscorwks.dll : 2.0.50727.3655 (GDR.050727-3600)
dfdll.dll : 2.0.50727.3053 (netfxsp.050727-3000)
dfshim.dll : 4.0.31106.0 (Main.031106-0000)
SOURCES
Deployment url : https://dl.google.com/update2/1.3.25.11/GoogleInstaller_en.application?appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B4C5B0011-523B-4FD3-5E1B-B40362CD2CDB%7D%26lang%3Den%26browser%3D2%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dprefers%26installdataindex%3Ddefaultbrowser
Server : downloads
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of https://dl.google.com/update2/1.3.2...admin=prefers&installdataindex=defaultbrowser resulted in exception. Following failure messages were detected:
+ Your Web browser settings do not allow you to run unsigned applications.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
There were no warnings during this operation.
OPERATION PROGRESS STATUS
* [1/29/2015 8:51:07 PM] : Activation of https://dl.google.com/update2/1.3.2...admin=prefers&installdataindex=defaultbrowser has started.
ERROR DETAILS
Following errors were detected during this operation.
* [1/29/2015 8:51:09 PM] System.Deployment.Application.InvalidDeploymentException (Manifest)
- Your Web browser settings do not allow you to run unsigned applications.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ApplicationActivator.BrowserSettings.Validate(String manifestPath)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.


----------



## BrianDrab (Oct 22, 2014)

That's what I kind of suspected. The Google Chrome install didn't look quite right. While I'm reviewing this please do the following so I can see what else may be broken.

Step#1 - Retrieve Event Log Messages
1. *Download* Event Viewer Tool by Vino Rosso to your Desktop.
2. *Double-click* on the file (*VEW.exe*) to open.
3. *Check* the options as shown below and put *20* in for the number of events.
4. Click *Run*. After a few moments, notepad will open with the contents of the Event Logs. Please *copy and paste* these in your next post. Thank you.


----------



## cherdon (Feb 10, 2009)

While waiting for your response, I decided to access Facebook via IE and got this: stop running this script .. a script on this page is causing IE to run slowly. If it continues to run your computer might become unresponsive. And then when I clicked out of that and tried to x out, I couldn't, computer froze again..had to wait to finally get back in here. Ok checking out what you just posted..but wanted to let you know this because this isn't the first time I've gotten that script error


----------



## cherdon (Feb 10, 2009)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/01/2015 9:04:24 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/01/2015 6:18:10 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## BrianDrab (Oct 22, 2014)

Cool. I need to put my kids to bed so will be back in 30 minutes. Just thought I would let you know.


----------



## cherdon (Feb 10, 2009)

No problem..I will be around...maybe I will take another break myself..thanks for letting me know BrianDrab


----------



## BrianDrab (Oct 22, 2014)

OK, let's try to reset Internet Explorer and then see if you can install Chrome.

Reset IE
1. Open Internet Explorer.
2. Click the *Tools* menu and select *Internet Options*
3. Click the *Advanced* tab.
4. Click the *Reset*... button near the bottom of the screen.
5. Leave Delete personal settings unchecked and click the *Reset* button.
6. Once it's done you can click the Close button.
7. You will get a message telling you that you need to reboot your computer. Just answer OK.
8. Reboot your machine.

Now try to go to http://www.google.com/chrome and install again. Let me know.


----------



## cherdon (Feb 10, 2009)

Ok I did what you said as far as resetting IE but when I clicked ok for it to reboot the blue line across bottom was going real slow and then it stopped so I had to x out and reboot off start menu..hopefully that was ok, only choice I had..then when desktop came up, I clicked on outlook express and it still took rather long to come up, not to mention I got hourglass and it froze arghhhh..then I clicked on IE and IE 8 box came up with next or ask me later so I just chose ask me later..Now I will click on your chrome link to see if it will install


----------



## cherdon (Feb 10, 2009)

Ok got my Google Chrome back and my 9 bookmarks..I guess my big mistake when I deleted it last time was deleting browsing .. I didn't know in doing so I would be deleting my close to 100 bookmarks..


----------



## BrianDrab (Oct 22, 2014)

Glad it's back. Your Disk is fragmented so we need to Defrag your disk as well. Once this is done we can start addressing any remaining issues that you have.

Defrag Your Disk


Open My Computer.
Right-click the local disk volume that you want to defragment, and then click *Properties*.
On the *Tools* tab, click *Defragment Now*.
Click *Defragment*.


----------



## cherdon (Feb 10, 2009)

Ok BrianDrab..sounds like a plan..will do it now..I'm sure this is going to take a while. Just letting you know now depending on when this finishes, if it's too late, I will have to wait until tomorrow to do the rest but I have to have hubby at hospital for 8am for blood transfusion.


----------



## BrianDrab (Oct 22, 2014)

No problem. Good evening and talk to you tomorrow.


----------



## cherdon (Feb 10, 2009)

At 1:24 am it was only at 48%..when I woke up this morning it had completed...here is the log below...I'm heading to hospital now

Volume (C:)
Volume size = 298 GB
Cluster size = 4 KB
Used space = 51.64 GB
Free space = 246 GB
Percent free space = 82 %

Volume fragmentation
Total fragmentation = 0 %
File fragmentation = 0 %
Free space fragmentation = 0 %

File fragmentation
Total files = 127,680
Average file size = 621 KB
Total fragmented files = 0
Total excess fragments = 527
Average fragments per file = 1.00

Pagefile fragmentation
Pagefile size = 2.00 GB
Total fragments = 1

Folder fragmentation
Total folders = 7,980
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 134 MB
MFT record count = 137,679
Percent MFT in use = 99 %
Total MFT fragments = 3

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
None


----------



## BrianDrab (Oct 22, 2014)

Thanks. Please provide a fresh set of logs.


Step#1 - Fresh Set of Logs Needed
1. Double-click on FRST.exe to open.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press *Scan* button.
5. It will produce a log called *FRST.txt* in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (*Addition.txt* - also located in the same directory as FRST.exe) will be created. Please also paste that along with the FRST.txt into your reply.


----------



## cherdon (Feb 10, 2009)

Odd..the FRST notepad came up empty..see below

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Cheryl at 2015-01-30 11:11:26
Running from C:\Documents and Settings\Cheryl\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3DVIA player 5.0.0.20 (HKLM\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C510 (Version: 140.0.344.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Destinations (Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart eStn C510 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{EEEA9020-FCB0-4E35-82B9-D0994EF267B0}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
LeapFrog Connect (Version: 4.2.13.16151 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PokerStars.net (HKLM\...\PokerStars.net) (Version: - PokerStars.net)
PS_AIO_07_C510_SW_Min (Version: 140.0.344.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5730 - Realtek Semiconductor Corp.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-1659004503-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Cheryl\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

01-11-2014 23:16:19 System Checkpoint
02-11-2014 06:19:49 Removed AVG 2015
03-11-2014 08:40:52 Removed AVG 2015
03-11-2014 08:43:01 Removed AVG 2015
04-11-2014 12:40:40 System Checkpoint
05-11-2014 12:52:23 System Checkpoint
06-11-2014 12:59:04 System Checkpoint
07-11-2014 13:25:43 System Checkpoint
08-11-2014 14:00:18 System Checkpoint
09-11-2014 14:03:00 System Checkpoint
10-11-2014 15:07:08 System Checkpoint
11-11-2014 15:51:19 System Checkpoint
12-11-2014 15:54:04 System Checkpoint
13-11-2014 03:00:25 Software Distribution Service 3.0
14-11-2014 09:53:38 System Checkpoint
15-11-2014 10:11:40 System Checkpoint
16-11-2014 10:22:18 System Checkpoint
17-11-2014 11:58:31 System Checkpoint
18-11-2014 12:14:32 System Checkpoint
19-11-2014 13:44:15 System Checkpoint
20-11-2014 06:43:36 Removed Google Earth.
21-11-2014 08:27:50 System Checkpoint
22-11-2014 09:23:36 System Checkpoint
23-11-2014 10:39:24 System Checkpoint
24-11-2014 11:34:19 System Checkpoint
25-11-2014 11:56:21 System Checkpoint
26-11-2014 11:58:24 System Checkpoint
27-11-2014 12:35:33 System Checkpoint
28-11-2014 15:07:32 System Checkpoint
29-11-2014 16:22:19 System Checkpoint
30-11-2014 16:30:00 System Checkpoint
01-12-2014 16:52:27 System Checkpoint
02-12-2014 17:38:27 System Checkpoint
03-12-2014 20:57:06 System Checkpoint
04-12-2014 23:59:52 System Checkpoint
06-12-2014 11:58:03 System Checkpoint
07-12-2014 12:40:34 System Checkpoint
08-12-2014 13:03:32 System Checkpoint
09-12-2014 14:52:29 System Checkpoint
10-12-2014 15:36:53 System Checkpoint
11-12-2014 05:08:52 Software Distribution Service 3.0
12-12-2014 09:10:27 System Checkpoint
13-12-2014 09:33:01 System Checkpoint
14-12-2014 10:57:56 System Checkpoint
14-12-2014 15:59:19 Installed AVG 2015
14-12-2014 16:00:16 Installed AVG 2015
14-12-2014 18:06:43 Installed AVG PC TuneUp 2015
15-12-2014 18:28:45 System Checkpoint
15-12-2014 18:45:43 Removed AVG PC TuneUp 2015
15-12-2014 18:47:53 Removed AVG PC TuneUp 2015 (en-US)
16-12-2014 18:55:57 System Checkpoint
17-12-2014 19:02:55 System Checkpoint
18-12-2014 19:03:49 System Checkpoint
19-12-2014 19:59:32 System Checkpoint
20-12-2014 19:21:47 Installed Windows XP KB942288-v3.
20-12-2014 19:22:32 AA11
20-12-2014 19:26:04 LavasoftWeCompanion
20-12-2014 22:11:53 AA11
20-12-2014 22:26:29 LavasoftWeCompanion
21-12-2014 14:02:18 Removed AVG 2015
21-12-2014 14:04:30 Removed AVG 2015
21-12-2014 14:08:31 Removed Visual Studio 2012 x86 Redistributables
22-12-2014 20:50:04 System Checkpoint
22-12-2014 23:49:21 avast! antivirus system restore point
24-12-2014 12:10:57 System Checkpoint
25-12-2014 12:29:05 System Checkpoint
26-12-2014 12:47:38 System Checkpoint
27-12-2014 13:17:41 System Checkpoint
28-12-2014 13:23:52 System Checkpoint
29-12-2014 13:57:25 System Checkpoint
30-12-2014 13:59:34 System Checkpoint
31-12-2014 16:09:05 System Checkpoint
01-01-2015 16:55:13 System Checkpoint
02-01-2015 16:56:45 System Checkpoint
03-01-2015 17:37:02 System Checkpoint
05-01-2015 08:06:38 System Checkpoint
06-01-2015 08:56:11 System Checkpoint
07-01-2015 10:05:08 System Checkpoint
07-01-2015 22:45:36 Installed Rapport
08-01-2015 23:39:49 System Checkpoint
10-01-2015 08:49:37 System Checkpoint
11-01-2015 07:54:37 Removed iTunes
12-01-2015 08:10:17 System Checkpoint
12-01-2015 12:49:13 Installed Rapport
13-01-2015 13:05:22 System Checkpoint
14-01-2015 07:59:08 Software Distribution Service 3.0
15-01-2015 08:46:09 System Checkpoint
16-01-2015 11:04:24 System Checkpoint
17-01-2015 11:41:25 System Checkpoint
18-01-2015 13:18:23 System Checkpoint
19-01-2015 13:20:35 System Checkpoint
20-01-2015 13:58:25 System Checkpoint
21-01-2015 14:45:05 System Checkpoint
22-01-2015 15:07:36 System Checkpoint
23-01-2015 14:05:35 avast! antivirus system restore point
23-01-2015 14:46:17 avast! antivirus system restore point
23-01-2015 20:49:26 Removed Apple Application Support
23-01-2015 20:51:23 Removed Apple Mobile Device Support
23-01-2015 20:52:14 Removed Apple Software Update
24-01-2015 12:35:55 Removed QuickTime 7
24-01-2015 12:48:39 Installed QuickTime 7
25-01-2015 13:27:33 System Checkpoint
26-01-2015 11:09:23 Restore Operation
26-01-2015 12:58:26 Restore Operation
26-01-2015 14:50:12 avast! antivirus system restore point
26-01-2015 15:11:46 avast! antivirus system restore point
27-01-2015 16:53:09 System Checkpoint
27-01-2015 20:38:54 Restore Point Created by FRST
28-01-2015 00:06:18 Restore Point Created by FRST
28-01-2015 20:40:40 Restore Point Created by FRST
29-01-2015 06:44:49 Restore Point Created by FRST
29-01-2015 07:02:41 Restore Point Created by FRST
29-01-2015 21:55:37 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2013-06-10 13:02 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2015-01-30 10:53 - 2015-01-30 10:53 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15013000\algo.dll
2015-01-26 15:14 - 2015-01-26 15:14 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-01-29 22:01 - 2015-01-26 22:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-01-29 22:01 - 2015-01-26 22:44 - 14913864 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1214440339-1659004503-1801674531-500 - Administrator - Enabled)
Cheryl (S-1-5-21-1214440339-1659004503-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Cheryl
Guest (S-1-5-21-1214440339-1659004503-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-1659004503-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-1659004503-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/29/2015 06:18:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 2038.23 MB
Available physical RAM: 1277.89 MB
Total Pagefile: 3934.63 MB
Available Pagefile: 3213.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:246.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 8AB28AB2)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## BrianDrab (Oct 22, 2014)

I do need that one so try running it again. Don't worry about checking the Addition checkbox since we have that already.


----------



## cherdon (Feb 10, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Cheryl (administrator) on CHERYL-A778CF1B on 30-01-2015 11:35:15
Running from C:\Documents and Settings\Cheryl\Desktop
Loaded Profiles: Cheryl (Available profiles: Cheryl)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2954;https=127.0.0.1:2954;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=jveYVIyuN4Sh8wehr4DgCg&gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF NewTab: about:blank
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: MP3 Rocket Downloader - C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\Extensions\[email protected] [2013-03-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-26]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26]
CHR Extension: (Google Docs) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-26] (AVAST Software)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-01-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-26] ()
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 FlyUsb; C:\WINDOWS\System32\DRIVERS\FlyUsb.sys [18560 2008-02-26] (LeapFrog)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-06] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-06] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-06] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R1 RapportCerberus_80120; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-12] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 11:11 - 2015-01-30 11:35 - 00011866 _____ () C:\Documents and Settings\Cheryl\Desktop\FRST.txt
2015-01-30 11:11 - 2015-01-30 11:11 - 00019432 _____ () C:\Documents and Settings\Cheryl\Desktop\Addition.txt
2015-01-30 11:10 - 2015-01-30 11:11 - 00000000 ____D () C:\Documents and Settings\Cheryl\Desktop\log 3
2015-01-29 22:01 - 2015-01-29 22:01 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-29 22:01 - 2015-01-29 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-01-29 21:58 - 2015-01-30 11:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 21:58 - 2015-01-30 06:50 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 21:57 - 2015-01-29 21:57 - 00003808 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-01-29 21:55 - 2015-01-29 21:57 - 00003646 _____ () C:\WINDOWS\KB2936068-IE8.log
2015-01-29 21:04 - 2015-01-29 21:04 - 00000817 _____ () C:\VEW.txt
2015-01-29 20:48 - 2015-01-29 20:48 - 00000803 _____ () C:\Documents and Settings\Cheryl\Start Menu\Programs\Internet Explorer.lnk
2015-01-29 19:52 - 2015-01-29 19:52 - 01121792 _____ (Farbar) C:\Documents and Settings\Cheryl\Desktop\FRST.exe
2015-01-29 18:52 - 2015-01-29 18:55 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-29-2015
2015-01-29 06:36 - 2015-01-29 19:13 - 00000000 ____D () C:\Documents and Settings\Cheryl\Desktop\logs 2
2015-01-28 02:12 - 2015-01-28 02:14 - 00569790 _____ () C:\Documents and Settings\Cheryl\My Documents\start up.bmp
2015-01-28 02:04 - 2015-01-28 02:04 - 00002047 _____ () C:\Documents and Settings\Cheryl\My Documents\mbam.txt
2015-01-28 01:15 - 2015-01-28 01:16 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 01:15 - 2015-01-28 01:15 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-28 01:14 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-28 01:14 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-27 22:37 - 2015-01-27 23:36 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-27 22:37 - 2015-01-27 22:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-01-27 12:46 - 2015-01-27 12:46 - 00081920 _____ () C:\WINDOWS\Minidump\Mini012715-01.dmp
2015-01-26 22:01 - 2015-01-26 22:01 - 42609232 _____ (Google Inc.) C:\Documents and Settings\Cheryl\My Documents\ChromeStandaloneSetup.exe
2015-01-26 16:02 - 2015-01-30 10:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 16:02 - 2015-01-26 21:47 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-26 16:02 - 2015-01-26 21:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-26 15:32 - 2015-01-26 15:32 - 00000000 ____D () C:\Program Files\Dropbox
2015-01-26 15:31 - 2015-01-26 15:31 - 00000000 ____D () C:\Documents and Settings\Cheryl\Start Menu\Programs\Dropbox
2015-01-26 15:16 - 2015-01-26 15:16 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software
2015-01-26 15:16 - 2015-01-26 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-01-26 15:15 - 2015-01-30 11:21 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-26 15:14 - 2015-01-26 15:15 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-26 15:14 - 2015-01-26 15:15 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-26 15:14 - 2015-01-26 15:15 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-26 15:14 - 2015-01-26 15:14 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-26 15:14 - 2015-01-26 15:14 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-26 15:14 - 2015-01-26 15:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-26 15:11 - 2015-01-26 15:11 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-26 15:08 - 2015-01-26 15:08 - 132469808 _____ (AVAST Software) C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe
2015-01-26 13:20 - 2015-01-26 13:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-26 13:20 - 2015-01-26 13:20 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-26 13:12 - 2015-01-26 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-26 10:45 - 2015-01-26 10:45 - 00000000 ____D () C:\Program Files\MunSoft
2015-01-26 10:44 - 2015-01-26 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET
2015-01-25 16:07 - 2015-01-25 16:24 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-25-2015
2015-01-24 15:30 - 2015-01-26 13:06 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\steps taken to fix puter.do not delete
2015-01-24 12:47 - 2015-01-26 13:11 - 00000000 ____D () C:\Program Files\Common Files\Apple(2)
2015-01-24 12:47 - 2015-01-26 13:11 - 00000000 ____D () C:\Program Files\Apple Software Update(2)
2015-01-24 12:47 - 2015-01-24 12:47 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-24 12:19 - 2015-01-26 13:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware(2)
2015-01-24 10:12 - 2015-01-28 01:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 14:51 - 2015-01-26 13:22 - 00000000 ____D () C:\Documents and Settings\Cheryl\Application Data\AVAST Software(2)
2015-01-23 14:46 - 2015-01-26 13:22 - 00000000 ____D () C:\Program Files\AVAST Software(2)
2015-01-18 14:00 - 2009-02-12 15:11 - 00022312 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrv.sys
2015-01-17 01:16 - 2015-01-17 01:16 - 00071279 _____ () C:\Documents and Settings\Cheryl\My Documents\image_11.jpeg
2015-01-16 13:23 - 2015-01-16 13:23 - 00001650 _____ () C:\Documents and Settings\All Users\Desktop\PokerStars.net.lnk
2015-01-12 14:07 - 2012-05-26 22:15 - 00001519 _____ () C:\Documents and Settings\Cheryl\Desktop\Notepad.lnk
2015-01-12 12:49 - 2015-01-12 12:49 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Trusteer
2015-01-11 07:10 - 2015-01-11 07:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-11 07:10 - 2015-01-11 07:10 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-01-11 06:59 - 2015-01-27 21:12 - 00000000 ____D () C:\AdwCleaner
2015-01-10 17:47 - 2015-01-18 18:30 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-10-2015
2015-01-07 22:46 - 2015-01-07 22:46 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Trusteer
2015-01-07 22:45 - 2015-01-26 10:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-07 22:45 - 2015-01-07 22:45 - 00000000 ____D () C:\Program Files\Trusteer
2015-01-07 22:43 - 2015-01-07 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trusteer
2015-01-05 10:55 - 2015-01-18 18:36 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-05-2015
2015-01-01 05:27 - 2015-01-18 18:31 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\01-01-2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 11:35 - 2014-12-23 00:31 - 00000000 ____D () C:\FRST
2015-01-30 11:35 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Temp
2015-01-30 06:52 - 2012-05-16 15:11 - 01383007 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-30 06:51 - 2012-05-16 11:06 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-30 06:50 - 2014-03-22 07:17 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-30 06:50 - 2012-05-16 15:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-30 06:50 - 2012-05-16 11:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-30 06:48 - 2012-05-16 15:15 - 00000178 ___SH () C:\Documents and Settings\Cheryl\ntuser.ini
2015-01-30 06:48 - 2012-05-16 15:14 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 22:00 - 2012-05-16 15:28 - 00000000 ____D () C:\Program Files\Google
2015-01-29 21:58 - 2013-09-29 13:12 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Deployment
2015-01-29 19:04 - 2012-09-24 00:01 - 11868712 ___SH () C:\Documents and Settings\Cheryl\Desktop\Thumbs.db
2015-01-29 18:36 - 2012-05-16 15:18 - 08941950 ___SH () C:\Documents and Settings\Cheryl\My Documents\Thumbs.db
2015-01-29 11:27 - 2012-05-16 11:01 - 00000211 ___SH () C:\boot.ini
2015-01-29 11:27 - 2008-04-14 07:00 - 00000512 _____ () C:\WINDOWS\win.ini
2015-01-29 11:27 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-28 02:02 - 2013-12-11 23:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-01-27 20:39 - 2012-05-16 15:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-27 12:46 - 2012-09-15 10:59 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-26 21:46 - 2014-09-24 09:16 - 03539632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-01-26 16:01 - 2014-09-24 08:21 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Adobe
2015-01-26 15:47 - 2012-05-16 15:15 - 00000000 ____D () C:\Documents and Settings\Cheryl
2015-01-26 15:11 - 2012-09-17 23:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-01-26 13:36 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-26 13:36 - 2012-05-16 15:14 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-26 13:36 - 2012-05-16 15:09 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-26 13:21 - 2012-05-16 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2015-01-26 13:19 - 2012-05-16 15:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google
2015-01-26 13:12 - 2014-10-27 07:39 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-26 13:12 - 2012-05-16 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-01-26 10:44 - 2012-05-16 18:06 - 00000000 ____D () C:\Program Files\PokerStars.NET
2015-01-26 10:39 - 2013-07-25 16:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-26 10:36 - 2014-12-20 01:10 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\newest pics
2015-01-26 10:33 - 2014-10-27 07:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-01-26 10:14 - 2014-07-03 22:28 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\soph pics
2015-01-26 09:05 - 2012-05-16 15:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-01-26 07:39 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-24 11:36 - 2012-05-16 15:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-01-23 20:38 - 2013-03-27 11:52 - 00000000 ____D () C:\Program Files\LeapFrog
2015-01-23 20:38 - 2013-03-27 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Leapfrog
2015-01-18 14:45 - 2012-09-23 12:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-01-14 10:07 - 2012-05-16 16:22 - 00000000 ____D () C:\WINDOWS\pss
2015-01-14 08:00 - 2012-05-16 16:04 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-11 09:41 - 2012-05-16 15:33 - 00000000 ____D () C:\Documents and Settings\Cheryl\Local Settings\Application Data\Temp
2015-01-08 15:00 - 2014-03-22 07:17 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-01 11:23 - 2014-12-26 00:34 - 00000000 ____D () C:\Documents and Settings\Cheryl\My Documents\xmas Pics

==================== Files in the root of some directories =======

2014-03-06 18:44 - 2014-03-06 18:44 - 0000044 _____ () C:\Documents and Settings\Cheryl\Application Data\WB.CFG
2012-09-21 10:12 - 2012-09-21 10:12 - 0017408 _____ () C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


----------



## BrianDrab (Oct 22, 2014)

Good job. Let's do another Fix and get another log.

Step#1 - FRST Fix
*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*
1. Download attached file and save it to the *Desktop*.
*Note.* It's important that both files, *FRST* and *fixlist.txt*, are in the same location or the fix will not work (in this case...the desktop).
2. Run *FRST* by *Double-Clicking* on FRST.exe.
3. Press the *Fix* button just once and wait. Your machine will reboot once done.
4. When finished FRST will generate a log on the Desktop (*Fixlog.txt*). Please post the contents of it in your reply.

Step#2 - Fresh FRST Log only
1. Double-click on FRST.exe to open.
2. Press *Scan* button.
3. It will produce a log called *FRST.txt* in the same directory the tool is run from (which should now be the desktop)
4. Please copy and paste log back here.

Items for your next post
1. FRST Fix log
2. Fresh FRST log


----------



## cherdon (Feb 10, 2009)

Hospital just called me...have to pick up hubby in 10 min so I will do this when I get home.


----------



## cherdon (Feb 10, 2009)

I have a problem BrianDrab...When I clicked on FRST and hit fix..a few moments later I got the message FRST.exe has encountered a problem and needs to close..don't know why that would happen all of a sudden..it worked before.


----------



## BrianDrab (Oct 22, 2014)

Try again and see if you get the same issue.


----------



## cherdon (Feb 10, 2009)

Yes, same thing just happened


----------



## BrianDrab (Oct 22, 2014)

OK, try rebooting and then run the tool

If that doesn't work, then download a new one and overwrite the one that is on your desktop and then try it.
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81


----------



## BrianDrab (Oct 22, 2014)

In an interesting turn of events, I need to leave and take Wifey to the hospital. I'll be leaving in a few minutes and will check in when we get back.


----------



## cherdon (Feb 10, 2009)

Hope everything is ok. I rebooted puter, then a message appeared on a totally blue screen and said The publisher could not be verified, are you sure you want to run this software..so I clicked yes and just FRST appeared, still on totally blue screen, no desktop icons and then I got FRST.exe has encountered a problem and needs to close..so now I will download a new one and try again.


----------



## cherdon (Feb 10, 2009)

Well the new one I downloaded isn't working either..getting FRST.exe has encountered a problem and needs to close..will wait for your return and see what to do next.


----------



## BrianDrab (Oct 22, 2014)

OK, I'm back. Sorry for the wait. I'd like to restore your system back to right before we tried the fix since that's when your troubles began. Please follow the instructions exactly and stop and ask if you have any questions while doing it.

Step#1 - Perform System Restore
1. Click *Start*, point to *All Programs*, point to *Accessories*, point to *System Tools*, and then click *System Restore*. (The screen shot for this step is listed below).

2. On the *Welcome to System Restore* page, click to select the *Restore my computer to an earlier time* option, and then click *Next*. (The screen shot for this step is listed below).

3. On the *Select a Restore Point* page, click the most *recent system* restore point in the *On this list, click a restore point* list. Note: Before clicking next please post back with the times that are listed for restore points for today. Don't continue past this bullet until I provide further instructions. I need to see the times.

*Note* A System Restore message may appear that lists configuration changes that System Restore will make. Click *OK*. (The screen shot for this step is listed below).

4. On the *Confirm Restore Point Selection* page, click *Next*. System Restore restores the previous Windows XP configuration, and then restarts the computer.

5. Once the restore is complete you will be notified by a message box as follows. You may have to log in to your machine before you see it however. Click OK on the message.


----------



## cherdon (Feb 10, 2009)

ok I'm back and reading up on your posts


----------



## cherdon (Feb 10, 2009)

3:00:09 PM restore point created by FRST
2:47:17 PM restore point created by FRST
2:39:29 PM restore point created by FRST


----------



## BrianDrab (Oct 22, 2014)

That's what I suspected. Please select the *2:39:29 PM* one and continue with the steps to do the restore.


----------



## cherdon (Feb 10, 2009)

ok will do


----------



## cherdon (Feb 10, 2009)

system restore was successful...waiting for the next step from you


----------



## BrianDrab (Oct 22, 2014)

Excellent. Now I would like to verify if you see a proxy being set.

Step#1 - Verify Proxy
1. Open up *Internet Explorer*. Don't use Google Chrome for this one.
2. Click the *Tools* menu and choose *Internet Options*.
3. Click the *Connections* tab.
4. Click the *LAN Settings* button at the bottom of the screen.

Are there any values in this screen? Is anything checked? Let me know exactly what you see. Thanks.
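
The LAN Settings dialog in the steps above shows the proxy values of the logged-on user only; the same values are stored separately in every loaded user hive, and OTL prints them as `IE - HKU\...` lines. As an added example (not part of the original post and not OTL's own code), this Python parser groups those lines by hive and reports each hive's proxy state. The sample lines are copied from the OTL log posted later in this thread; the function names and status labels are this example's own.

```python
import re

# OTL prints one line per registry value:
#   IE - HKU\<hive>\Software\...\Internet Settings: "<Name>" = <value>
LINE_RE = re.compile(
    r'^IE - HKU\\(?P<hive>[^\\]+)\\Software\\Microsoft\\Windows'
    r'\\CurrentVersion\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE,
)

# Well-known service-account hives; anything else is treated as a user account.
SERVICE_HIVES = {
    ".DEFAULT": "LocalSystem (alias of S-1-5-18)",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2954;https=127.0.0.1:2954;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2954;https=127.0.0.1:2954;
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""


def parse_proxy_server(value):
    """Return {scheme: (host, port)} for a ProxyServer value.

    Accepts both forms the setting can take: a single 'host:port' for all
    protocols, or a per-protocol list 'http=host:port;https=host:port;'.
    """
    endpoints = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # no 'scheme=' prefix: the entry applies to all protocols
            scheme, endpoint = "all", part
        host, sep, port = endpoint.rpartition(":")
        if not sep or not port.isdigit():  # no port present
            host, port = endpoint, ""
        endpoints[scheme.strip().lower()] = (
            host.strip("[]"), int(port) if port else None)
    return endpoints


def collect_internet_settings(log_text):
    """Group Internet Settings values by registry hive, in log order."""
    hives = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            hives.setdefault(match["hive"], {})[match["name"]] = match["value"].strip()
    return hives


def assess_proxy_state(log_text):
    """Return one finding per hive: proxy status and any loopback endpoints."""
    findings = []
    for hive, values in collect_internet_settings(log_text).items():
        enabled = values.get("ProxyEnable") == "1"
        endpoints = parse_proxy_server(values.get("ProxyServer", ""))
        if enabled and endpoints:
            status = "proxy-active"
        elif enabled:
            status = "enabled-without-server"
        elif endpoints:
            status = "server-set-but-disabled"
        else:
            status = "direct"
        # A loopback proxy means a local process must be listening on that
        # port. Filtering and debugging tools set this too, so the finding is
        # a prompt to identify the listener, not a verdict.
        loopback = sorted({
            f"{host}:{port}" if port else host
            for host, port in endpoints.values()
            if host.lower() in LOOPBACK_HOSTS
        })
        findings.append({
            "hive": hive,
            "account": SERVICE_HIVES.get(hive, "user account"),
            "status": status,
            "loopback_endpoints": loopback,
            # The LAN Settings dialog shows the logged-on user's hive;
            # service-account hives are not covered by that check.
            "is_user_hive": hive not in SERVICE_HIVES,
        })
    return findings


if __name__ == "__main__":
    for finding in assess_proxy_state(SAMPLE_LOG):
        print(finding)
```
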


----------



## cherdon (Feb 10, 2009)

Nothing is checked beside automatically detect settings, and one below that nothing checked under proxy server either


----------



## BrianDrab (Oct 22, 2014)

OK that's good news. Your machine is malware free. Before I provide information to clean up our tools and send you on your merry way, do you have any issues that remain?


----------



## cherdon (Feb 10, 2009)

so you're saying there shouldn't be a checkmark next to automatically detect settings? Just want to make sure that everything under Lan settings is supposed to be blank. The major issue left really is the freezing up when I want to minimize a program or when I click on outlook express and click on say a thread you've sent me..it doesn't go to site right away..now it doesn't happen all the time but say I haven't used puter for a bit and then go to click on chrome or IE or outlook, then it feels like it did back in dial up days, had that active x download issue when I go to right click to allow download I would get an error..don't know if that's fixed or not..trying to remember the few other issues I posted earlier on, was also getting stop running this script


----------



## cherdon (Feb 10, 2009)

I need to know if it's ok for me to delete all those fixlists, fixlogs, all programs I downloaded such as FRST, FSS, VEW, MiniToolBox, and text documents
I'm very happy it's malware free...since we deleted superspyware you had said awhile back if I wanted something to replace it you could suggest something..I want to try my best to keep this puter malware, trojan, virus free and working at a good speed so if you have any recommendations, it would be greatly appreciated. Currently I have cc cleaner, avast free antivirus and malwarebytes but if there's something better, I'm game


----------



## BrianDrab (Oct 22, 2014)

Correct, nothing should be checked. I'm not sure what else can be done about the freezing issues you are having but let's try a couple things.



> I need to know if it's ok for me to delete all those fixlists, fixlogs, all programs I downloaded such as FRST, FSS, VEW, MiniToolBox, and text documents


I'll provide instructions to clean all of this up when we are done.

Do you have your Windows XP CD handy?

Also please provide the following logs.

*OTL Logs*


Download OTL.exe from here and save this to your *desktop*.
Double-click on OTL.exe and ensure you check the options that I have outlined in Red below.









Click the *"Run Scan"* button.
When the scan completes, it will open OTL.Txt on the desktop. There is *another file named Extras.txt* that will be minimized on the taskbar. We need the contents of *both* files. These files are also saved in the same location as you are running OTL from.
Please *copy the contents* of the OTL.Txt and Extras.Txt file and paste it into your reply. Paste OTL.Txt first and then Paste Extras.txt.


----------



## cherdon (Feb 10, 2009)

No, when i got this computer in 2000 it was just put on ...no cd was given to me


----------



## cherdon (Feb 10, 2009)

OTL logfile created on: 1/30/2015 8:41:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.91% Memory free
3.84 Gb Paging File | 3.21 Gb Available in Paging File | 83.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 245.67 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Computer Name: CHERYL-A778CF1B | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/30 20:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
PRC - [2015/01/26 22:44:13 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015/01/26 15:16:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/26 15:14:00 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/22 17:52:34 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/12/22 17:52:32 | 002,623,768 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2015/01/30 10:53:55 | 002,913,280 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15013000\algo.dll
MOD - [2015/01/26 22:44:10 | 009,171,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\40.0.2214.94\pdf.dll
MOD - [2015/01/26 15:14:21 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/03/23 16:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2015/01/26 21:47:30 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/26 15:14:00 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/12/22 17:52:34 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2015/01/26 15:15:52 | 000,073,480 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2015/01/26 15:15:49 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2015/01/26 15:15:42 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/01/26 15:14:25 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/01/26 15:14:25 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/01/26 15:14:25 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/01/26 15:14:25 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/01/26 15:14:25 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/01/12 12:52:10 | 000,472,792 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys -- (RapportCerberus_80120)
DRV - [2014/12/22 17:52:42 | 000,332,696 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/12/22 17:52:42 | 000,251,640 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/12/22 17:52:42 | 000,208,856 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/05/16 15:22:48 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/05/16 15:17:30 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2008/02/26 18:33:46 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2954;https=127.0.0.1:2954;

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2954;https=127.0.0.1:2954;

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gfe_rd=cr&ei=jveYVIyuN4Sh8wehr4DgCg&gws_rd=ssl
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/26 15:14:32 | 000,000,000 | ---D | M]

[2012/10/19 18:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Extensions
[2014/12/14 15:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\extensions
[2013/03/11 10:45:22 | 000,679,123 | ---- | M] () (No name found) -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\extensions\[email protected]
[2014/12/20 22:26:08 | 000,003,027 | ---- | M] () -- C:\Documents and Settings\Cheryl\Application Data\Mozilla\Firefox\Profiles\yqnlpmdi.default\searchplugins\google.xml

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Cheryl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/10 13:02:04 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342092933781 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab (GMNRev Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: DhcpNameServer = 24.226.1.93 24.226.10.193
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/16 15:11:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/30 20:40:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2015/01/30 20:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\more logs
[2015/01/30 11:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\last set of logs
[2015/01/30 11:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\log 3
[2015/01/30 06:48:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cheryl\Start Menu\Programs\Administrative Tools
[2015/01/29 22:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2015/01/29 18:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\My Documents\01-29-2015
[2015/01/29 06:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\logs 2
[2015/01/28 01:15:56 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/01/28 01:14:48 | 000,054,360 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2015/01/28 01:14:48 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2015/01/27 22:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2015/01/27 22:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Desktop\logs
[2015/01/26 22:01:40 | 042,609,232 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Cheryl\My Documents\ChromeStandaloneSetup.exe
[2015/01/26 16:02:47 | 000,701,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015/01/26 16:02:47 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015/01/26 15:47:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cheryl\Recent
[2015/01/26 15:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2015/01/26 15:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Start Menu\Programs\Dropbox
[2015/01/26 15:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\AVAST Software
[2015/01/26 15:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2015/01/26 15:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
[2015/01/26 15:14:55 | 000,057,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2015/01/26 15:14:54 | 000,423,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2015/01/26 15:14:52 | 000,073,480 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2015/01/26 15:14:51 | 000,055,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2015/01/26 15:14:49 | 000,787,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2015/01/26 15:14:38 | 000,291,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2015/01/26 15:14:22 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2015/01/26 15:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/26 15:08:15 | 132,469,808 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe
[2015/01/26 13:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2015/01/26 13:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2015/01/26 13:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2015/01/26 10:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\MunSoft
[2015/01/26 10:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET
[2015/01/26 09:11:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2015/01/25 16:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\My Documents\01-25-2015
[2015/01/24 15:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\My Documents\steps taken to fix puter.do not delete
[2015/01/24 12:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple(2)
[2015/01/24 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(2)
[2015/01/24 12:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(2)
[2015/01/24 10:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/01/23 14:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\AVAST Software(2)
[2015/01/23 14:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software(2)
[2015/01/18 14:00:51 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\WINDOWS\System32\drivers\rsdrv.sys
[2015/01/11 07:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/01/11 06:59:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/10 17:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\My Documents\01-10-2015
[2015/01/07 22:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\Trusteer
[2015/01/07 22:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
[2015/01/07 22:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2015/01/07 22:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2015/01/05 10:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\My Documents\01-05-2015
[2015/01/01 05:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\My Documents\01-01-2015
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/01/30 20:45:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/30 20:40:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2015/01/30 20:37:02 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2015/01/30 20:06:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/30 20:06:58 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2015/01/30 20:06:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/30 20:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/30 06:50:48 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/29 22:01:57 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015/01/29 20:48:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/01/29 19:04:09 | 000,005,695 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\00l0l_aDpmShvG3zW_300x300.jpg
[2015/01/29 18:56:21 | 000,052,866 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\lr55.JPG
[2015/01/29 18:55:23 | 000,054,003 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\lr33.JPG
[2015/01/29 18:54:49 | 000,056,310 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\lr22.JPG
[2015/01/29 18:53:48 | 000,056,168 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\lr.JPG
[2015/01/29 11:27:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2015/01/28 02:14:44 | 000,569,790 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\start up.bmp
[2015/01/28 01:16:40 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/01/28 01:15:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/27 23:36:15 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015/01/26 22:01:52 | 042,609,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cheryl\My Documents\ChromeStandaloneSetup.exe
[2015/01/26 21:47:24 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015/01/26 21:47:23 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015/01/26 21:46:01 | 003,539,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2015/01/26 15:16:20 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
[2015/01/26 15:15:52 | 000,073,480 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2015/01/26 15:15:49 | 000,787,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2015/01/26 15:15:42 | 000,423,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2015/01/26 15:14:25 | 000,206,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2015/01/26 15:14:25 | 000,057,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2015/01/26 15:14:25 | 000,055,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2015/01/26 15:14:25 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2015/01/26 15:14:25 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2015/01/26 15:14:22 | 000,291,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2015/01/26 15:14:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2015/01/26 15:08:56 | 132,469,808 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe
[2015/01/26 14:19:35 | 000,180,037 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\scropt error.JPG
[2015/01/26 14:10:31 | 000,075,244 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\print screen chrome error.JPG
[2015/01/26 07:39:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/01/24 12:47:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015/01/18 17:09:20 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\GIVEAWAY BONUS CODES.rtf
[2015/01/18 11:44:32 | 000,012,825 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\images (4).jpg
[2015/01/18 11:37:51 | 000,066,694 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\3654e8e7aaff87971ee217487ffa9d94.jpg
[2015/01/18 01:24:54 | 000,006,028 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\images (3).jpg
[2015/01/18 01:24:34 | 000,010,882 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\b86a3aad0dfd6bd8f32bc42bba7412c5.jpg
[2015/01/18 01:18:24 | 000,005,840 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\download.jpg
[2015/01/18 01:13:52 | 000,004,895 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\images (2).jpg
[2015/01/18 01:12:03 | 000,005,669 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\images (1).jpg
[2015/01/18 00:51:28 | 000,030,074 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\7b5c314c73590cc2e77093065f9cf01a.jpg
[2015/01/18 00:48:24 | 000,116,710 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\stewie-karma.jpg
[2015/01/18 00:24:48 | 000,004,251 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\what was posted on kris fb page.rtf
[2015/01/17 18:26:37 | 000,010,540 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\images.jpg
[2015/01/17 11:17:18 | 000,008,605 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\48d81407bf8dbd3a2a24c64e4354757f.jpg
[2015/01/17 11:14:42 | 000,012,142 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\bcccd407195992899c1de16597aba796.jpg
[2015/01/17 11:13:58 | 000,010,279 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\aa8485c0ff5e80027464fad41edeae2c.jpg
[2015/01/17 10:30:55 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\janet.rtf
[2015/01/17 01:52:34 | 000,013,879 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\mm.JPG
[2015/01/17 01:51:55 | 000,013,755 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\1ac47bde4338e10f92d625faa3078b21.jpg
[2015/01/17 01:16:55 | 000,071,279 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\image_11.jpeg
[2015/01/17 01:13:33 | 000,018,966 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\0f101457.jpg
[2015/01/17 01:11:51 | 000,020,190 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\e3384e342ecff9a1e1b072de42408dc6.jpg
[2015/01/16 13:23:08 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2015/01/16 13:23:08 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.net.lnk
[2015/01/11 07:10:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2015/01/08 15:00:00 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2015/01/05 11:33:32 | 000,061,456 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\WELLTRANS.PDF
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/01/29 22:01:57 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/29 22:01:57 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2015/01/29 21:58:29 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/29 21:58:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/29 20:48:21 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Cheryl\Start Menu\Programs\Internet Explorer.lnk
[2015/01/29 19:04:09 | 000,005,695 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\00l0l_aDpmShvG3zW_300x300.jpg
[2015/01/29 18:56:21 | 000,052,866 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\lr55.JPG
[2015/01/29 18:55:23 | 000,054,003 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\lr33.JPG
[2015/01/29 18:54:49 | 000,056,310 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\lr22.JPG
[2015/01/29 18:53:48 | 000,056,168 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\lr.JPG
[2015/01/28 02:12:26 | 000,569,790 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\start up.bmp
[2015/01/28 01:15:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/27 22:37:11 | 000,035,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2015/01/26 16:02:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/26 15:16:20 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
[2015/01/26 15:15:36 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2015/01/26 15:14:54 | 000,206,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2015/01/26 15:14:53 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2015/01/26 15:14:51 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2015/01/26 14:19:35 | 000,180,037 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\scropt error.JPG
[2015/01/26 14:10:31 | 000,075,244 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\print screen chrome error.JPG
[2015/01/24 12:47:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015/01/18 11:44:32 | 000,012,825 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\images (4).jpg
[2015/01/18 11:37:49 | 000,066,694 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\3654e8e7aaff87971ee217487ffa9d94.jpg
[2015/01/18 01:24:53 | 000,006,028 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\images (3).jpg
[2015/01/18 01:24:34 | 000,010,882 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\b86a3aad0dfd6bd8f32bc42bba7412c5.jpg
[2015/01/18 01:18:28 | 000,005,840 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\download.jpg
[2015/01/18 01:13:52 | 000,004,895 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\images (2).jpg
[2015/01/18 01:12:03 | 000,005,669 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\images (1).jpg
[2015/01/18 00:51:27 | 000,030,074 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\7b5c314c73590cc2e77093065f9cf01a.jpg
[2015/01/18 00:48:23 | 000,116,710 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\stewie-karma.jpg
[2015/01/17 19:55:02 | 000,004,251 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\what was posted on kris fb page.rtf
[2015/01/17 18:26:36 | 000,010,540 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\images.jpg
[2015/01/17 11:17:18 | 000,008,605 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\48d81407bf8dbd3a2a24c64e4354757f.jpg
[2015/01/17 11:14:42 | 000,012,142 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\bcccd407195992899c1de16597aba796.jpg
[2015/01/17 11:13:57 | 000,010,279 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\aa8485c0ff5e80027464fad41edeae2c.jpg
[2015/01/17 10:30:55 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\janet.rtf
[2015/01/17 01:52:34 | 000,013,879 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\mm.JPG
[2015/01/17 01:51:54 | 000,013,755 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\1ac47bde4338e10f92d625faa3078b21.jpg
[2015/01/17 01:16:55 | 000,071,279 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\image_11.jpeg
[2015/01/17 01:13:33 | 000,018,966 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\0f101457.jpg
[2015/01/17 01:11:50 | 000,020,190 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\e3384e342ecff9a1e1b072de42408dc6.jpg
[2015/01/16 13:23:08 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2015/01/16 13:23:08 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.net.lnk
[2015/01/12 14:07:19 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Notepad.lnk
[2015/01/11 08:57:37 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\GIVEAWAY BONUS CODES.rtf
[2015/01/11 07:10:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2015/01/05 11:33:31 | 000,061,456 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\WELLTRANS.PDF
[2014/12/21 00:16:26 | 000,156,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/12/20 19:27:27 | 000,004,072 | ---- | C] () -- C:\WINDOWS\System32\LavasoftTcpService.ini
[2014/12/20 19:27:27 | 000,002,088 | ---- | C] () -- C:\WINDOWS\System32\LavasoftTcpServiceOff.ini
[2014/06/12 23:04:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/06/12 13:46:00 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2014/06/12 13:46:00 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\40BBAB803B.sys
[2014/03/06 18:44:39 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Cheryl\Application Data\WB.CFG
[2013/09/23 13:15:07 | 000,230,554 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1379960007.bdinstall.bin
[2013/09/07 18:48:06 | 000,767,220 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1378596919.bdinstall.bin
[2012/09/21 10:12:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db

========== ZeroAccess Check ==========

[2013/06/23 18:40:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/10/27 07:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2015/01/26 15:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/12/14 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2012/09/20 13:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2014/10/20 00:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg_Update_1014avt
[2015/01/26 10:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
[2013/09/07 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/09/18 21:26:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/20 13:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/05/26 22:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/06/10 13:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/25 00:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2015/01/23 20:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2014/12/22 19:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/03 23:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2012/05/16 19:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2015/01/27 22:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2015/01/18 14:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2015/01/07 22:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/07/25 10:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/05/27 10:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2014/10/21 17:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2014/06/12 23:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\29442
[2015/01/26 15:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\AVAST Software
[2015/01/26 13:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\AVAST Software(2)
[2014/12/14 18:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\AVG
[2013/12/29 09:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\canon
[2014/12/23 00:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Dropbox
[2012/05/27 11:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\EasiestSoft
[2012/09/21 22:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/07/25 00:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit
[2014/06/20 17:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\LibreOffice
[2014/10/20 02:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\MP3Rocket
[2012/05/16 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Oracle
[2013/09/07 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\QuickScan
[2012/09/18 21:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/07/25 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Visan
[2012/05/27 10:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Wondershare Video Converter Ultimate
[2014/10/30 07:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2014/12/14 18:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/09/09 07:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan

========== Purity Check ==========

< End of report >


----------



## cherdon (Feb 10, 2009)

You're not going to believe this..I got to thinking heck maybe I do have a windows cd..sure enough I do I have an original windows xp home edition and a windows xp home SP3 that was burnt on a cd..don't ask me why, I have no idea, it's been so long


----------



## cherdon (Feb 10, 2009)

I have to leave here for app 10 min sorry but i will be right back


----------



## cherdon (Feb 10, 2009)

im back


----------



## BrianDrab (Oct 22, 2014)

OK, please do the following.

Step#1 - OTL Fix
1. Double click on OTL.exe to open the program.
2. Copy all the code below and paste it into the *Custom Scans/Fixes* section at the very bottom of the OTL program.

:Commands
[CreateRestorePoint]

:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2954;https=127.0.0.1:2954;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:2954;https=127.0.0.1:2954;
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
[2015/01/26 15:08:15 | 132,469,808 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe
[2014/12/20 19:27:27 | 000,004,072 | ---- | C] () -- C:\WINDOWS\System32\LavasoftTcpService.ini
[2014/12/20 19:27:27 | 000,002,088 | ---- | C] () -- C:\WINDOWS\System32\LavasoftTcpServiceOff.ini
[2012/05/25 00:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/07/25 00:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit

Commands:
[EmptyTemp]

3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


----------



## cherdon (Feb 10, 2009)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service LeapFrog Connect Device Service stopped successfully!
Service LeapFrog Connect Device Service deleted successfully!
File C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
C:\Documents and Settings\Cheryl\My Documents\avast_free_antivirus_setup.exe moved successfully.
C:\WINDOWS\system32\LavasoftTcpService.ini moved successfully.
C:\WINDOWS\system32\LavasoftTcpServiceOff.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\temp folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\res folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\IObit Uninstaller folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5\PrivacySweeper folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5\DiskCheck folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Documents and Settings\Cheryl\Application Data\IObit folder moved successfully.
File ptyTemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01302015_211647

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## BrianDrab (Oct 22, 2014)

Since you have an XP SP3 CD, let's try the following.

Step#1 - System File Checker

1. Click the *Start* button in the lower left of your computer and choose *Run*.
2. Type *cmd.exe* and click *OK*.
3. You should now have a black window open that you can type in to.
4. Type sfc /scannow and hit *enter* to start the scan. Please notice the space between sfc and /scannow.

You may be prompted for your CD. Use the XP SP3 CD if you are prompted.


----------



## cherdon (Feb 10, 2009)

ok hope this goes well cause ive never done this before


----------



## cherdon (Feb 10, 2009)

ok cd in and now it's asking me what I want to do from the following list..what am I supposed to pick
install windows xp
learn more about set up process
install optional windows components
perform additional tasks
check system compatibility <<<< is this the one I am supposed to click on ? Need to know

and is there going to be anything else coming up that I will need to know what to choose?


----------



## cherdon (Feb 10, 2009)

while im waiting for an answer from you windows file protections is scanning to verify that all protected windows files are intact and in their original versions..hope i am going to hear back from you real soon


----------



## cherdon (Feb 10, 2009)

Well since you're offline, I'm removing cd because I need to know what to choose ..don't want to guess my way through this


----------



## BrianDrab (Oct 22, 2014)

You shouldn't put the CD in unless the process that is running asks for it. Hopefully it won't ask you at all.


----------



## cherdon (Feb 10, 2009)

That's the only reason I put CD in...a box came up and told me to


----------



## BrianDrab (Oct 22, 2014)

Understood. When you put the CD in and that screen came up asking you what you wanted to do (i.e. Install, etc.) you can just close that window. The System File Checker (SFC) process will get files it needs off of the CD.


----------



## BrianDrab (Oct 22, 2014)

I'm going to turn in for the evening but look forward to the results tomorrow. Thank you.


----------



## cherdon (Feb 10, 2009)

I guess you missed this post of mine from previous page >>> windows file protections is scanning to verify that all protected windows files are intact and in their original versions

I didn't remove CD until the scan had completed and disappeared. So was this in fact the SFC process you were referring to above? I don't know where the results would be located..don't see anything on desktop. Goodnight BrianDrab


----------



## BrianDrab (Oct 22, 2014)

Cool, then you are done with the process. Yes that was the SFC process I was talking about. There is very little information that Windows XP provides on the process. We could however look in the System Event Log and see if there are any entries.

Step#1 - Retrieve Event Log Messages
1. *Double-click* on the file (*VEW.exe*) on your desktop to open. (If you need to re-download for some reason you can get it here Event Viewer Tool )
2. *Check* the options as shown below and put *20* in for the number of events.
3. Click *Run*. After a few moments, notepad will open with the contents of the Event Logs. Please *copy and paste* these in your next post. Thank you.


----------



## cherdon (Feb 10, 2009)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/01/2015 11:10:01 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/01/2015 6:18:10 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/01/2015 11:08:55 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:54 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:53 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:51 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:39 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:38 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:37 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:35 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:34 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:33 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:32 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:31 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:30 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:29 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:25 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:08:23 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The RapportIaso service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:03:29 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the stopped state. 

Log: 'System' Date/Time: 31/01/2015 11:03:18 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the running state. 

Log: 'System' Date/Time: 31/01/2015 11:03:18 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Google Update Service (gupdate) service was successfully sent a start control. 

Log: 'System' Date/Time: 31/01/2015 11:02:42 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/01/2015 11:05:41 AM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver HP Photosmart eStn C510 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpoc5103.gpd, UNIDRV.HLP, hpoc5103.vdf, hpoc5103.xml, hpfsc101.dtd, hpfhl101.cab, hpfsm101.gpd, hpf3m101.gpd, STDNAMES.GPD, hpoc510a.ini, hpfst101.dll, hpfui101.dll, hpfvu101.dll, hpoc5103.dll, hpfev101.dll, hpf3r101.dll, hpfrs101.dll, hpfie101.dll, UNIRES.DLL, hpfpr101.dll, hpfpa101.vdf, hpfpa101.dll. 

Log: 'System' Date/Time: 30/01/2015 11:13:04 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer HP Photosmart eStn C510 series was deleted. 

Log: 'System' Date/Time: 30/01/2015 11:12:52 PM
Type: warning Category: 0
Event: 4 Source: Print
Printer HP Photosmart eStn C510 series is pending deletion. 

Log: 'System' Date/Time: 30/01/2015 9:22:06 PM
Type: warning Category: 0
Event: 20 Source: Print
Printer Driver HP Photosmart eStn C510 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpoc5103.gpd, UNIDRV.HLP, hpoc5103.vdf, hpoc5103.xml, hpfsc101.dtd, hpfhl101.cab, hpfsm101.gpd, hpf3m101.gpd, STDNAMES.GPD, hpoc510a.ini, hpfst101.dll, hpfui101.dll, hpfvu101.dll, hpoc5103.dll, hpfev101.dll, hpf3r101.dll, hpfrs101.dll, hpfie101.dll, UNIRES.DLL, hpfpr101.dll, hpfpa101.vdf, hpfpa101.dll. 

Log: 'System' Date/Time: 30/01/2015 8:53:08 PM
Type: warning Category: 0
Event: 3 Source: Print
Printer HP Photosmart eStn C510 series was deleted. 

Log: 'System' Date/Time: 30/01/2015 8:52:54 PM
Type: warning Category: 0
Event: 4 Source: Print
Printer HP Photosmart eStn C510 series is pending deletion.


----------



## cherdon (Feb 10, 2009)

Also, I checked to see if my ctrl alt del is now working and nothing comes up. I have a question. Whenever I use to put in a CD it use to automatically come up, but for awhile now I've had to go into My Computer in order to bring up whats on CD..is there a way to have it automatically come up? Once again if I haven't been on computer and start it up and go to click on something, it takes a while for it to click in and take effect..after however if I am using it alot, its ok..i dont get why that should be the case. Everything should come up right away whether you've been on computer for hours or are just logging on.


----------



## BrianDrab (Oct 22, 2014)

See if this fixes your Autorun and CTRL-ALT-DEL issue.

Step#1 - OTL Fix
1. Double click on OTL.exe to open the program.
2. Copy all the code below and paste it into the *Custom Scans/Fixes* section at the very bottom of the OTL program.

:Commands
[CreateRestorePoint]


:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

Commands:
[EmptyTemp]
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


----------



## cherdon (Feb 10, 2009)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
File ptyTemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01312015_113330

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
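Added example (not part of the original thread, and not OTL's own code): a small Python script that decodes the NoDriveTypeAutoRun bitmasks named in the fix and matches each requested fix line against the result lines in the posted log. It assumes OTL prints the values in decimal; the bit meanings are Microsoft's documented ones for this policy value, the sample lines are copied from the two posts above, and all function names are hypothetical.

```python
import re

# Documented bit meanings of the NoDriveTypeAutoRun policy value:
# a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"), (0x02, "no-root-dir"), (0x04, "removable"),
    (0x08, "fixed"), (0x10, "network"), (0x20, "cdrom"),
    (0x40, "ramdisk"), (0x80, "reserved"),
]
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS"}

# "O6 - HKLM\...\Explorer: NoDriveTypeAutoRun = 28"
FIX_LINE = re.compile(r"^O\d+ - (?P<key>.+?): (?P<name>\w+) = (?P<value>\d+)$")
# "Registry value HKEY_...\Explorer\\NoDriveTypeAutoRun deleted successfully."
RESULT_LINE = re.compile(
    r"^Registry value (?P<path>.+?)\\\\(?P<name>\w+) "
    r"(?P<status>deleted successfully|not found)\.$"
)

# Sample input: lines taken from the fix script and the log in this thread.
FIX_SCRIPT = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
File ptyTemp] not found.
"""


def decode_autorun_mask(value):
    """Return the drive types for which AutoRun is disabled by this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS if value & bit]


def expand_hive(key):
    """Turn the short hive name used in the fix into the long one in the log."""
    root, _, rest = key.partition("\\")
    return HIVES.get(root, root) + "\\" + rest


def parse_fix_lines(text):
    """Extract (key, value name, decimal value) from O6/O7 fix lines."""
    entries = []
    for line in text.splitlines():
        m = FIX_LINE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], int(m["value"])))
    return entries


def reconcile(fix_text, log_text):
    """Pair every requested fix with the outcome recorded in the log."""
    results, unparsed = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        m = RESULT_LINE.match(line)
        if m:
            results[(m["path"].upper(), m["name"].upper())] = m["status"]
        elif line:
            unparsed.append(line)  # lines that are not registry results
    report = []
    for key, name, value in parse_fix_lines(fix_text):
        status = results.get((expand_hive(key).upper(), name.upper()),
                             "no result logged")
        report.append({
            "key": expand_hive(key),
            "name": name,
            "value": value,
            "disabled_for": (decode_autorun_mask(value)
                             if name == "NoDriveTypeAutoRun" else None),
            "status": status,
        })
    return report, unparsed


if __name__ == "__main__":
    rows, leftovers = reconcile(FIX_SCRIPT, FIX_LOG)
    for row in rows:
        print(row["status"], "|", row["key"], "|", row["name"], "=",
              row["value"], row["disabled_for"] or "")
    print("Unparsed log lines:", leftovers)
```

HKEY_USERS\.DEFAULT is an alias for HKEY_USERS\S-1-5-18 (the LocalSystem profile), so a value deleted through one path is reported as not found through the other.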



## cherdon (Feb 10, 2009)

So I try ctrl alt del and it brings up google search engine tab ???


----------



## BrianDrab (Oct 22, 2014)

Just to make sure Task Manager itself isn't messed up, please do the following.

1. Click your Start button.
2. Choose Run.
3. Type or Copy/Paste the following into the Open box and click OK.
c:\windows\system32\taskmgr.exe

Does Task Manager come up?


----------



## cherdon (Feb 10, 2009)

yes it does come up doing it that way


----------



## BrianDrab (Oct 22, 2014)

OK, close the task manager window. Also close your internet browsers and try the CTRL ALT DEL again.


----------



## cherdon (Feb 10, 2009)

I tried and nothing happened..it did not come up


----------



## BrianDrab (Oct 22, 2014)

To rule out a keyboard malfunction please hold down the CTRL and ALT keys on the right-side of the keyboard while hitting the DEL key and let me know what happens.


----------



## cherdon (Feb 10, 2009)

I dont know if my finger slipped but when I did that on right side of keyboard my computer shutdown..go figure..will try again but if i disappear you will know it shutdown again


----------



## cherdon (Feb 10, 2009)

ok right side of computer doesn't bring it up either


----------



## BrianDrab (Oct 22, 2014)

OK, then go here and run the Microsoft Fix-It. Make sure to download/install/run the first one which is to *Enable* this functionality.

http://support.microsoft.com/kb/308226


----------



## cherdon (Feb 10, 2009)

ok ran it..wants me to reboot to take effect..doing so now


----------



## BrianDrab (Oct 22, 2014)

Hmmm....I have to assume something went wrong and your computer didn't come back up?


----------



## cherdon (Feb 10, 2009)

omg i am running in safe mode..sorry i even attempted that...black screen came up said i had to press ctrl alt del to begin..left side wouldnt work had to use right side then it shut down and then a log into windows came up with my name and wanted password which nothing worked..finally just clicked ok and it brought me back to safe mode..i need help..ive got someone here right now that was installing a game for my granddaughter..i need to be able to get back to regular screen..i also unplugged my keyboard and have my old one hooked up..HELP

Please note that everytime rebooted that ctrl alt del screen would come up..even when it seemed to work when I did it on right side of keyboard it just wouldn't go away..ive rebooted so many times now and was so desperate i had to finally press f8 to get to safe mode


----------



## BrianDrab (Oct 22, 2014)

Well, that's unfortunate. Before I provide further instructions I need some clarification. Is my summation correct below?


1. The way I understand it is that you currently have your old keyboard hooked up. 
2. If you reboot your computer normally (not in Safe Mode) it comes up to the logon screen and asks you to hit CTRL-ALT-DELETE to logon. You are able to hit CTRL-ALT-DELETE using your old computer and then you can just click OK to log in. I'm assuming you don't have a password set up.


Please confirm.


----------



## cherdon (Feb 10, 2009)

Yes the only reason i hooked up my old keyboard is to see if ctrl alt del would work on left side like i always use and it seemed to work..no when i reboot my computer to normal screen that darn box comes up with ctrl alt del saying i need to do this in order to log in so then once again i hit ctrl alt del and it reboots but when it comes back up once again its the same story wants me to hit ctrl alt del and thats the only thing on screen..so i had no choice but to go to safe mode. I have no idea if i have a password or not for windows domain..ive tried a bunch that i thought might be it but no good..so im stuck here and person is here now and he cant help because he only knows about mac computers


----------



## BrianDrab (Oct 22, 2014)

No problem. It's easy to fix. Just need one more point of clarification. So right now using your old keyboard can you confirm that you are able to use CTRL ALT DEL on the left side and then click OK to log in to your machine.


----------



## cherdon (Feb 10, 2009)

yikes..ok i tried it while still in safe mode and it does come up and these are my options change password, task manager, lock computer, log off, shutdown and cancel..are u saying for me to click on shutdown after i bring up task manager and it will go to regular screen?


----------



## BrianDrab (Oct 22, 2014)

Not in Safe mode. Are you able to reboot your computer in "normal" mode? When the screen comes up that says hit CTRL-ALT-DELETE to log in. Go ahead and do so. It will show your username. You should be able to just click OK without entering a password to log on (if you don't have a password).


I just need to verify this before providing instructions for the permanent fix.


----------



## cherdon (Feb 10, 2009)

no it just shutdowns automatically and looks like its going to go back to desktop but then that stupid box comes up again..so r u saying i should just reboot from safemode and once screen comes up it should be in normal mode and then i should be able to just click ok and that will do it?


----------



## BrianDrab (Oct 22, 2014)

Let's do this. I assume you are in Safe Mode With Networking? Meaning you have internet access on the machine we are working on?


----------



## cherdon (Feb 10, 2009)

yes i have internet connection..just brought up IE to check


----------



## BrianDrab (Oct 22, 2014)

Go back to the following link and install the 2nd Fix-It which will disable the CTRL-ALT-DEL screen for you.

http://support.microsoft.com/kb/308226


----------



## cherdon (Feb 10, 2009)

Thank God that worked..I was so worried that I was not going to be able to use my computer again. That person had to leave, will come back around 3 to help install game off USB stick for granddaughter


----------



## BrianDrab (Oct 22, 2014)

So using your old keyboard attached to the computer, when you press CTRL ALT DEL, it just reboots your computer? You don't get an error or anything?


----------



## cherdon (Feb 10, 2009)

yes..well actually it just didn't come up..only time it rebooted was after i enabled 1st fix


----------



## BrianDrab (Oct 22, 2014)

When was the last time you remember being able to do this?


----------



## cherdon (Feb 10, 2009)

u mean able to use ctrl alt del? I really dont remember..the newest keyboard i was using was my sisters..only reason i switched was because the letters were worn off some of the keys.


----------



## BrianDrab (Oct 22, 2014)

Let's see what System File Checker (SFC) found/fixed if anything.


Step#1 - Viewing Results of System File Checker

1. *Click* your Start button.
2. *Right-Click* on My Computer and *select* Manage.
3. Computer Management will open. *Expand* the Event Viewer and *click* on System.
4. *Right-click* on System and select *Properties*.
5. *Click* the Filter tab at the top.
6. In the Event source drop-down, *select* Windows File Protection.
7. *Click* OK.
8. The Events that are now listed are the results of the System File Check (SFC) that we did. The oldest one will tell you that it started and the newest one should say finished successfully. All the ones in between should tell you what was replaced or if any errors occurred. Let me know what if anything was replaced and if there were any errors. Thanks.


----------



## cherdon (Feb 10, 2009)

Ok all events are listed with an exclamation mark infront of them all, date, time, source, category which all are non, event and user n/a..am I suppose to click on each one in order to tell if there are any errors or am i not understanding what your wanting me to do..


----------



## BrianDrab (Oct 22, 2014)

How many entries are there listed?


----------



## cherdon (Feb 10, 2009)

23 are listed..ok right clicked on most recent one and it says windows file protection file scan completed successfully


----------



## BrianDrab (Oct 22, 2014)

Correct. Now check the one right before that. What does it say?


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\usbvideo.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## BrianDrab (Oct 22, 2014)

Could you copy and paste the 21 others? I know it's a pain but XP doesn't provide many options for me to get this information.


----------



## cherdon (Feb 10, 2009)

I just right clicked on them all just to see and they all say the exact same thing..do u still want me to copy and paste them individually?

Oh nevermind, I do have to because of location


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\dlh5xnd5.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\divaprop.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\digirlpt.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\digiisdn.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\digifep5.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\dgapci.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\dfe650d.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\d100ib5.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\cyzcoins.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\cyclom-y.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\cwcspud.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\cem28n5.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\atinxsxx.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\agp440.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\adv11nt5.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\adv07nt5.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\ac97ali.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\8514a.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

The system file c:\windows\system32\drivers\1394bus.sys could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

LAST ERROR

The system file c:\windows\system32\s3legacy.dll could not be copied into the DLL cache. The specific error code is 0x00000020 [The process cannot access the file because it is being used by another process.
]. This file is necessary to maintain system stability.


----------



## cherdon (Feb 10, 2009)

Be back in about 10 min BrianDrab


----------



## BrianDrab (Oct 22, 2014)

Perfect, thanks. As a workaround for bringing up your Task Manager, can you use CTRL-SHIFT-ESC?


----------



## BrianDrab (Oct 22, 2014)

I'll be away for about 40 minutes. Also let me know how your Autorun is doing (i.e. Putting a CD in and having it automatically start).


Thanks.


----------



## cherdon (Feb 10, 2009)

ok will try both


----------



## cherdon (Feb 10, 2009)

ctrl shift esc works


----------



## cherdon (Feb 10, 2009)

I put in a CD with granddaughters pics on it..a few moments later got hourglass and box came up windows can perform the same action each time you insert a disk or connect a device with this kind of file
options:
copy pics to folder
view a slideshow of images
print the pictures
import photos and videos
open folder to view files
take no action

just for the heck of it, I chose view slideshow of images and it works ..im happy happy
then i decided to copy pics from cd to folder and it did so but then when I went to x out of program I got not responding, then i clicked ok and it disappeared but so did my entire desktop except for your forum..this is showing on an entirely blue screen so now I'm going to have to reboot and hope I can once again access my desktop.


----------



## cherdon (Feb 10, 2009)

I'm back once again. I counted to see how many seconds it took to come up on screen after I inserted CD and it was 30 seconds. Once desktop came back it took some time for outlook express to actually load once clicked on and another 67 seconds after clicking on your thread in email..is there something in the configuration that can be changed so these areas where I have issues can come up immediately as they should?


----------



## BrianDrab (Oct 22, 2014)

My expertise is in malware removal and I can confirm you are clean. I know other aspects of systems as well but am not an expert. The only thing I can think of at this point is to see if the Antivirus is somehow causing this and then possibly a repair install which really should be a last resort.

We'll try a few more things and if we aren't able to solve it I may have to recommend an appropriate forum that you can get some assistance on this.

Let's try the following. Note: Please avoid searching on the internet while we are testing this as you will be unprotected.

1. Go to Add/Remove programs and uninstall Avast Antivirus. Reboot even if you are not prompted to.
2. Then download the AVG 2015 removal tool from here. http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2015_5501.exe
3. Go ahead and run the removal tool. I know you don't have this software installed now but you originally did so I want to ensure that there are no remnants left over.
4. Reboot again even if not prompted.

Now see if you have the same kind of delays as you have been experiencing.


----------



## cherdon (Feb 10, 2009)

ok will do what you requested after my nephew comes and puts game on puter..he will be here shortly so i dont want to attempt this now.


----------



## cherdon (Feb 10, 2009)

Nephew finally left..was not able to play game..got error This application has failed to start because XINPUT1_3.dll was not found. Re-installing the application may fix this problem. Wanted you to know this to see if this application can be rectified. Also puter was running slow..kept getting stop running this script error. Ok, now I will do the above


----------



## BrianDrab (Oct 22, 2014)

To fix the game you may need to update DirectX.

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=35


----------



## cherdon (Feb 10, 2009)

Here are the results from AVG remover

View attachment avgremover.log


----------



## cherdon (Feb 10, 2009)

Direct X has now been updated..hope that makes the difference..fingers crossed


----------



## cherdon (Feb 10, 2009)

Just doubleclicked on Castle of Illusions icon on desktop and got the following message
The application failed to initialize properly (oxc oooo142) . Click on ok to terminate application


----------



## BrianDrab (Oct 22, 2014)

Can you verify if you are still seeing the same delays now that the Antivirus is uninstalled?


----------



## cherdon (Feb 10, 2009)

Sure can...will have to reboot first


----------



## cherdon (Feb 10, 2009)

ok once desktop appeared i clicked on outlook express and counted..it came up right away but was blank..took 30 seconds for emails to actually show..i then clicked on your thread and counted..took 45 seconds for it to fully load to this page. I dont know if active x works because I would have to have a web site to go to where yellow thing comes across top and says allow download..as far as stop running script I dont know about that either..guess i will just have to wait and see if it re appears or if it doesn't. I went into add/remove and Iobit toolbar v6.2 is still there..i believe a while back you asked me to remove it and I said I couldn't ..does it still need to go? I guess the only thing left is to get me another anti virus and get rid of all the stuff i downloaded for all the fixes


----------



## BrianDrab (Oct 22, 2014)

OK, so it doesn't appear that uninstalling the AV made too much difference. We don't want you to go without AV since it would undermine everything we have done so far. So go ahead and re-install Avast Free or another one. There are a few others you could try but I would still suggest Avast.

Yes we do need to clean up Iobit toolbar so we'll do that after your AV is back on.

I've been doing some research on your game and there are posts that say that the game will not run properly on Windows XP. Here is one link that mentions that. http://mugenmultiverse.fanbb.net/t1826-ducktales-castle-of-illusion-problem

I'm taking my son to his soccer game. It's an hour long. I'll check in right after and we'll get this finished up tonight.


----------



## cherdon (Feb 10, 2009)

I re-installed avast and checked out game link


----------



## BrianDrab (Oct 22, 2014)

OK, let's remove the iObit software now. Please do the following and let me know when done.

Step#1 - Registry Cleanup - iObit
Note: This registry fix is specific to this machine only. It should not be applied to any other machine.

1. *Right-Click* this file and choose Save Link As... and save to your desktop.
2. *Double-click* on the downloaded file which should be named Iobit.reg.
3. You will get a message box asking if you are sure you want to do this. Please click *Yes*.
4. If all goes well you will get another message that says this was successful. Please click *OK*.
5. Verify that the iObit software is gone from Add/Remove programs and let me know.


----------



## cherdon (Feb 10, 2009)

I tried first time and it was still in add/remove so i even tried again, same thing. Dont know if this makes a difference but on desktop it just says Iobit not Iobit.reg. Checked chrome download and it has reg on that one..odd !!! So I decided to try the one in chrome but it didn't make a difference..still showing in add/remove


----------



## BrianDrab (Oct 22, 2014)

Interesting. Let's see what was missed in the registry.

1. Run *FRST* by *Double-Clicking* on the file.
2. Copy and paste the word *IObit* into the Search box and click the *Search Registry* button.
3. When the scan is complete a notepad window will open with the results. *Please copy and paste the contents in your next reply*. If for some reason notepad doesn't open the file should be saved on your desktop named *Search.txt*.


----------



## cherdon (Feb 10, 2009)

says FRST has encountered a problem and needs to close..can u send me another link for FRST please


----------



## BrianDrab (Oct 22, 2014)

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81


----------



## cherdon (Feb 10, 2009)

Again I got the same thing..FRST has encountered a problem and needs to close

AppName: frst.exe AppVer: 1.2.2015.0 ModName: frst.exe
ModVer: 1.2.2015.0 Offset: 0001f3d4


----------



## BrianDrab (Oct 22, 2014)

No problem. Let's just do it this way. Since you will be modifying the registry manually, please make sure you follow the steps exactly.

1. Click the Start button and choose Run.
2. Type regedit.exe and click OK. The registry editor will be open.
3. Make sure that everything is collapsed and has plus signs next to them like the following.
4. Click the plus sign next to HKEY_LOCAL_MACHINE.
5. Click the plus sign next to SOFTWARE.
6. Click the plus sign next to Microsoft.
7. Click the plus sign next to Windows
8. Click the plus sign next to CurrentVersion.
9. Click the plus sign next to Uninstall
10. Scroll down and see if you see any folder with iOBit as part of the name.

Let me know before deleting it.


----------



## cherdon (Feb 10, 2009)

Dont see anything with Iorbit but funny thing I see IE7 and IE8..i dont even have IE7 on this puter or in my add/remove program...could that be it? and yes I know IE stand for internet explorer but figured I'd mention it anways


----------



## BrianDrab (Oct 22, 2014)

No. Click on the Uninstall folder in the registry. Then choose Edit...Find from the menu. Type iobit in the Find what box and click on the Find Next button. Let me know if it finds anything.


----------



## cherdon (Feb 10, 2009)

yes it did

product name REG_SZ IObit Toolbar v6.2 11 other things were also listed that came up in this box but this was the only one highlighted that mentioned this toolbar


----------



## BrianDrab (Oct 22, 2014)

OK. So you want to select the parent folder of the IObit Toolbar v6.2 11. You want the folder that is directly one level beneath the Uninstall folder. Can you click on this folder? Is the name of the folder something like {835BCA58-EBE8-415B-8E7F-457F76F15821}?


----------



## cherdon (Feb 10, 2009)

So you want to select the parent folder of the IObit Toolbar v6.2 11. You want the folder that is directly one level beneath the Uninstall folder. Can you click on this folder? Is the name of the folder something like {835BCA58-EBE8-415B-8E7F-457F76F15821}?

I am not seeing anything like that number {835BCA58-EBE8-415B-8E7F-457F76F15821}..i highlighted the few that started with an 8 but when i looked in box on right side, saw nothing that said iobit


----------



## BrianDrab (Oct 22, 2014)

When you did the search for iObit (do it again if you need to) what was the path shown on the status bar?


----------



## cherdon (Feb 10, 2009)

wow this time it showed up on left side under +software and path is S-1-5-21-1214440339-1659004503-1801674531-1004\software\AppDataLow\software\iobit in box on right side there are 2 things listed

default REG_SZ value not set 

Silent_update REG_Dword 0x0000001 (1)


----------



## BrianDrab (Oct 22, 2014)

You need to go back to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\*Uninstall*
And then do the search. We are looking for the iObit entry beneath the Uninstall key in the registry.


----------



## BrianDrab (Oct 22, 2014)

Once you find the iObit Toolbar entry, then you just need to look to the left column and find the folder that appears open. That's the folder that you want to click on.


----------



## BrianDrab (Oct 22, 2014)

I'm putting my daughter to bed and will be back in 15 minutes.


----------



## BrianDrab (Oct 22, 2014)

I'm back. She fell right asleep which doesn't happen very often.


----------



## BrianDrab (Oct 22, 2014)

I think I found an easier way to do this. Go ahead and close the registry editor and try this.

Step#1 - Registry Cleanup - iObit
Note: This registry fix is specific to this machine only. It should not be applied to any other machine.

1. *Right-Click* this file and choose Save Link As... and save to your desktop.
2. *Double-click* on the downloaded file which should be named Uninstall.reg.
3. You will get a message box asking if you are sure you want to do this. Please click *Yes*.
4. If all goes well you will get another message that says this was successful. Please click *OK*.
5. Verify that the iObit software is gone from Add/Remove programs and let me know.


----------



## cherdon (Feb 10, 2009)

i did find the open folder


----------



## BrianDrab (Oct 22, 2014)

What was the name of the open folder?


----------



## cherdon (Feb 10, 2009)

well if i look in the box at right product name says REG_SZ Iobit toolbar v6.2 (under data)


----------



## BrianDrab (Oct 22, 2014)

OK, let's just try following my new steps. Go ahead and close the registry (it's a dangerous place). Let me know if it works.


----------



## cherdon (Feb 10, 2009)

closed registry and tried uninstall ..checked add/remove..still there...i forget how we got rid of those 4 canon programs in add/remove..took some doing but we did it


----------



## BrianDrab (Oct 22, 2014)

Darn. OK, open regedit again.


1. Start...Run...Regedit.exe
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
3. Click on the Uninstall folder.
4. Do the search for iobit again. Let me know when you find the iobit toolbar again.


----------



## cherdon (Feb 10, 2009)

85ACB5 388EBEB51 do I need to do the entire number here...too bad can't copy and paste it

should have also put HKEY_Classes_Root\Installer\Products


----------



## BrianDrab (Oct 22, 2014)

No that's fine. So to confirm, on the left side there is only one folder that appears open. If you click on that folder, you still see the iobit stuff on the right side of the screen correct?


----------



## cherdon (Feb 10, 2009)

Yes only one is open and yes iobit is on right side


----------



## BrianDrab (Oct 22, 2014)

Perfect. So click on that folder on the left so it is highlighted and then choose Edit...Delete from the menu. You will be asked if you are sure. Answer Yes.
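
The search the posts above walk through (find the one subkey under Uninstall, or under HKEY_CLASSES_ROOT\Installer\Products, whose product name mentions iobit, then delete only that subkey), run against a saved regedit export instead of the live registry. This is an added example, not part of the original posts and not the helper's Uninstall.reg; the sample export, its key names and the function names are constructed for illustration.

```python
import re

# Constructed sample of a regedit export (.reg text); key names and values are made up.
# A real export is UTF-16, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="IObit Toolbar v6.2"
"UninstallString"="\"C:\\Program Files\\Example\\uninst.exe\" /x"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamplePlayer]
"DisplayName"="Example Player"
"Icon"=hex(2):43,00,3a,00,5c,00,\
  61,00,2e,00,69,00,63,00,6f,00,00,00

[HKEY_CLASSES_ROOT\Installer\Products\AAAABBBBCCCCDDDDEEEEFFFF00001111]
"ProductName"="Iobit toolbar v6.2"
'''

# The two parent keys named in the thread, and the values that hold the product name.
PARENTS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall".upper(),
    r"HKEY_CLASSES_ROOT\Installer\Products".upper(),
}
NAME_VALUES = ("DisplayName", "ProductName")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for string (REG_SZ) values only."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = STRING_VALUE.match(line)
            if m:  # dword/hex values do not match and are skipped
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                keys[current][name] = data
    return keys

def find_entries(keys, needle):
    """Direct subkeys of PARENTS whose name value contains needle (case-insensitive)."""
    hits = []
    for path, values in keys.items():
        parent = path.rpartition("\\")[0]
        if parent.upper() not in PARENTS:  # never match the parent keys themselves
            continue
        for value_name in NAME_VALUES:
            data = values.get(value_name, "")
            if needle.lower() in data.lower():
                hits.append((path, value_name, data))
    return hits

def build_delete_reg(paths):
    """A .reg file that deletes only the given subkeys ('[-key]' syntax)."""
    body = "".join(f"[-{p}]\r\n\r\n" for p in paths)
    return "Windows Registry Editor Version 5.00\r\n\r\n" + body

if __name__ == "__main__":
    for hit in find_entries(parse_reg_export(SAMPLE_EXPORT), "iobit"):
        print(hit)
```

Review the list of matched paths before building a deletion file from it, and keep the export as the backup of what was removed.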


----------



## cherdon (Feb 10, 2009)

we did it yipeeeeeeee


----------



## BrianDrab (Oct 22, 2014)

Cool. So it's gone from Add/Remove programs?


----------



## cherdon (Feb 10, 2009)

yes it is


----------



## BrianDrab (Oct 22, 2014)

OK, let's get our tools all cleaned up.

*1. Clean Up!*
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download *Delfix* from here. Open the program.
2. Ensure everything is checked.
3. Click *Run*.
Note: The program will run for a few moments and then notepad will open with a log. *Please paste the log in your next reply*.
Note: Delete any other *.bat, .log, .reg, .txt* and any other files created during this process and left on the desktop, and empty the *Recycle Bin*. A few you may have are regfix.reg, iobit.reg, uninstall.reg, vew.exe and listchkdskresult.exe.


----------



## cherdon (Feb 10, 2009)

# DelFix v10.8 - Logfile created 31/01/2015 at 22:48:23
# Updated 29/07/2014 by Xplode
# Username : Cheryl - CHERYL-A778CF1B
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.3.0.0.42_20.12.2014_01.03.53_log.txt
Deleted : C:\Documents and Settings\Cheryl\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Cheryl\Desktop\FRST (1).exe
Deleted : C:\Documents and Settings\Cheryl\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\Addition.txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (3).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (4).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner (5).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner[S3].txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\AdwCleaner[S4].txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\adwcleaner_4.107 (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\adwcleaner_4.107 (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\adwcleaner_4.107 (3).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\adwcleaner_4.107 (4).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\adwcleaner_4.107.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\aswMBR.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\esetsmartinstaller_enu (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\esetsmartinstaller_enu (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\esetsmartinstaller_enu (3).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\esetsmartinstaller_enu (4).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\Fixlog.txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\FRST (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\FRST (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\FRST (3).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\FRST.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\FRST.txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\JRT (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\JRT (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\JRT (3).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\JRT.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\JRT.txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\HijackThis (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\HijackThis (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\HijackThis.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\hijackthis.log
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\RogueKiller (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\RogueKiller.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\Search.txt
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\SecurityCheck (1).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\SecurityCheck (2).exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\SecurityCheck.exe
Deleted : C:\Documents and Settings\Cheryl\My Documents\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1061 [Removed AVG 2015 | 11/02/2014 11:19:49]
Deleted : RP #1062 [Removed AVG 2015 | 11/03/2014 13:40:52]
Deleted : RP #1063 [Removed AVG 2015 | 11/03/2014 13:43:01]
Deleted : RP #1064 [System Checkpoint | 11/04/2014 17:40:40]
Deleted : RP #1065 [System Checkpoint | 11/05/2014 17:52:23]
Deleted : RP #1066 [System Checkpoint | 11/06/2014 17:59:04]
Deleted : RP #1067 [System Checkpoint | 11/07/2014 18:25:43]
Deleted : RP #1068 [System Checkpoint | 11/08/2014 19:00:18]
Deleted : RP #1069 [System Checkpoint | 11/09/2014 19:03:00]
Deleted : RP #1070 [System Checkpoint | 11/10/2014 20:07:08]
Deleted : RP #1071 [System Checkpoint | 11/11/2014 20:51:19]
Deleted : RP #1072 [System Checkpoint | 11/12/2014 20:54:04]
Deleted : RP #1073 [Software Distribution Service 3.0 | 11/13/2014 08:00:25]
Deleted : RP #1074 [System Checkpoint | 11/14/2014 14:53:38]
Deleted : RP #1075 [System Checkpoint | 11/15/2014 15:11:40]
Deleted : RP #1076 [System Checkpoint | 11/16/2014 15:22:18]
Deleted : RP #1077 [System Checkpoint | 11/17/2014 16:58:31]
Deleted : RP #1078 [System Checkpoint | 11/18/2014 17:14:32]
Deleted : RP #1079 [System Checkpoint | 11/19/2014 18:44:15]
Deleted : RP #1080 [Removed Google Earth. | 11/20/2014 11:43:36]
Deleted : RP #1081 [System Checkpoint | 11/21/2014 13:27:50]
Deleted : RP #1082 [System Checkpoint | 11/22/2014 14:23:36]
Deleted : RP #1083 [System Checkpoint | 11/23/2014 15:39:24]
Deleted : RP #1084 [System Checkpoint | 11/24/2014 16:34:19]
Deleted : RP #1085 [System Checkpoint | 11/25/2014 16:56:21]
Deleted : RP #1086 [System Checkpoint | 11/26/2014 16:58:24]
Deleted : RP #1087 [System Checkpoint | 11/27/2014 17:35:33]
Deleted : RP #1088 [System Checkpoint | 11/28/2014 20:07:32]
Deleted : RP #1089 [System Checkpoint | 11/29/2014 21:22:19]
Deleted : RP #1090 [System Checkpoint | 11/30/2014 21:30:00]
Deleted : RP #1091 [System Checkpoint | 12/01/2014 21:52:27]
Deleted : RP #1092 [System Checkpoint | 12/02/2014 22:38:27]
Deleted : RP #1093 [System Checkpoint | 12/04/2014 01:57:06]
Deleted : RP #1094 [System Checkpoint | 12/05/2014 04:59:52]
Deleted : RP #1095 [System Checkpoint | 12/06/2014 16:58:03]
Deleted : RP #1096 [System Checkpoint | 12/07/2014 17:40:34]
Deleted : RP #1097 [System Checkpoint | 12/08/2014 18:03:32]
Deleted : RP #1098 [System Checkpoint | 12/09/2014 19:52:29]
Deleted : RP #1099 [System Checkpoint | 12/10/2014 20:36:53]
Deleted : RP #1100 [Software Distribution Service 3.0 | 12/11/2014 10:08:52]
Deleted : RP #1101 [System Checkpoint | 12/12/2014 14:10:27]
Deleted : RP #1102 [System Checkpoint | 12/13/2014 14:33:01]
Deleted : RP #1103 [System Checkpoint | 12/14/2014 15:57:56]
Deleted : RP #1104 [Installed AVG 2015 | 12/14/2014 20:59:19]
Deleted : RP #1105 [Installed AVG 2015 | 12/14/2014 21:00:16]
Deleted : RP #1106 [Installed AVG PC TuneUp 2015 | 12/14/2014 23:06:43]
Deleted : RP #1107 [System Checkpoint | 12/15/2014 23:28:45]
Deleted : RP #1108 [Removed AVG PC TuneUp 2015 | 12/15/2014 23:45:43]
Deleted : RP #1109 [Removed AVG PC TuneUp 2015 (en-US) | 12/15/2014 23:47:53]
Deleted : RP #1110 [System Checkpoint | 12/16/2014 23:55:57]
Deleted : RP #1111 [System Checkpoint | 12/18/2014 00:02:55]
Deleted : RP #1112 [System Checkpoint | 12/19/2014 00:03:49]
Deleted : RP #1113 [System Checkpoint | 12/20/2014 00:59:32]
Deleted : RP #1114 [Installed Windows XP KB942288-v3. | 12/21/2014 00:21:47]
Deleted : RP #1115 [AA11 | 12/21/2014 00:22:32]
Deleted : RP #1116 [LavasoftWeCompanion | 12/21/2014 00:26:04]
Deleted : RP #1117 [AA11 | 12/21/2014 03:11:53]
Deleted : RP #1118 [LavasoftWeCompanion | 12/21/2014 03:26:29]
Deleted : RP #1119 [Removed AVG 2015 | 12/21/2014 19:02:18]
Deleted : RP #1120 [Removed AVG 2015 | 12/21/2014 19:04:30]
Deleted : RP #1121 [Removed Visual Studio 2012 x86 Redistributables | 12/21/2014 19:08:31]
Deleted : RP #1122 [System Checkpoint | 12/23/2014 01:50:04]
Deleted : RP #1123 [avast! antivirus system restore point | 12/23/2014 04:49:21]
Deleted : RP #1124 [System Checkpoint | 12/24/2014 17:10:57]
Deleted : RP #1125 [System Checkpoint | 12/25/2014 17:29:05]
Deleted : RP #1126 [System Checkpoint | 12/26/2014 17:47:38]
Deleted : RP #1127 [System Checkpoint | 12/27/2014 18:17:41]
Deleted : RP #1128 [System Checkpoint | 12/28/2014 18:23:52]
Deleted : RP #1129 [System Checkpoint | 12/29/2014 18:57:25]
Deleted : RP #1130 [System Checkpoint | 12/30/2014 18:59:34]
Deleted : RP #1131 [System Checkpoint | 12/31/2014 21:09:05]
Deleted : RP #1132 [System Checkpoint | 01/01/2015 21:55:13]
Deleted : RP #1133 [System Checkpoint | 01/02/2015 21:56:45]
Deleted : RP #1134 [System Checkpoint | 01/03/2015 22:37:02]
Deleted : RP #1135 [System Checkpoint | 01/05/2015 13:06:38]
Deleted : RP #1136 [System Checkpoint | 01/06/2015 13:56:11]
Deleted : RP #1137 [System Checkpoint | 01/07/2015 15:05:08]
Deleted : RP #1138 [Installed Rapport | 01/08/2015 03:45:36]
Deleted : RP #1139 [System Checkpoint | 01/09/2015 04:39:49]
Deleted : RP #1140 [System Checkpoint | 01/10/2015 13:49:37]
Deleted : RP #1141 [Removed iTunes | 01/11/2015 12:54:37]
Deleted : RP #1142 [System Checkpoint | 01/12/2015 13:10:17]
Deleted : RP #1143 [Installed Rapport | 01/12/2015 17:49:13]
Deleted : RP #1144 [System Checkpoint | 01/13/2015 18:05:22]
Deleted : RP #1145 [Software Distribution Service 3.0 | 01/14/2015 12:59:08]
Deleted : RP #1146 [System Checkpoint | 01/15/2015 13:46:09]
Deleted : RP #1147 [System Checkpoint | 01/16/2015 16:04:24]
Deleted : RP #1148 [System Checkpoint | 01/17/2015 16:41:25]
Deleted : RP #1149 [System Checkpoint | 01/18/2015 18:18:23]
Deleted : RP #1150 [System Checkpoint | 01/19/2015 18:20:35]
Deleted : RP #1151 [System Checkpoint | 01/20/2015 18:58:25]
Deleted : RP #1152 [System Checkpoint | 01/21/2015 19:45:05]
Deleted : RP #1153 [System Checkpoint | 01/22/2015 20:07:36]
Deleted : RP #1154 [avast! antivirus system restore point | 01/23/2015 19:05:35]
Deleted : RP #1155 [avast! antivirus system restore point | 01/23/2015 19:46:17]
Deleted : RP #1156 [Removed Apple Application Support | 01/24/2015 01:49:26]
Deleted : RP #1157 [Removed Apple Mobile Device Support | 01/24/2015 01:51:23]
Deleted : RP #1158 [Removed Apple Software Update | 01/24/2015 01:52:14]
Deleted : RP #1159 [Removed QuickTime 7 | 01/24/2015 17:35:55]
Deleted : RP #1160 [Installed QuickTime 7 | 01/24/2015 17:48:39]
Deleted : RP #1161 [System Checkpoint | 01/25/2015 18:27:33]
Deleted : RP #1162 [Restore Operation | 01/26/2015 16:09:23]
Deleted : RP #1163 [Restore Operation | 01/26/2015 17:58:26]
Deleted : RP #1164 [avast! antivirus system restore point | 01/26/2015 19:50:12]
Deleted : RP #1165 [avast! antivirus system restore point | 01/26/2015 20:11:46]
Deleted : RP #1166 [System Checkpoint | 01/27/2015 21:53:09]
Deleted : RP #1167 [Restore Point Created by FRST | 01/28/2015 01:38:54]
Deleted : RP #1168 [Restore Point Created by FRST | 01/28/2015 05:06:18]
Deleted : RP #1169 [Restore Point Created by FRST | 01/29/2015 01:40:40]
Deleted : RP #1170 [Restore Point Created by FRST | 01/29/2015 11:44:49]
Deleted : RP #1171 [Restore Point Created by FRST | 01/29/2015 12:02:41]
Deleted : RP #1172 [Software Distribution Service 3.0 | 01/30/2015 02:55:37]
Deleted : RP #1173 [Restore Point Created by FRST | 01/30/2015 19:39:29]
Deleted : RP #1174 [Restore Point Created by FRST | 01/30/2015 19:47:17]
Deleted : RP #1175 [Restore Point Created by FRST | 01/30/2015 20:00:09]
Deleted : RP #1176 [Restore Operation | 01/31/2015 01:02:59]
Deleted : RP #1177 [OTL Restore Point - 1/30/2015 9:17:00 PM | 01/31/2015 02:17:15]
Deleted : RP #1178 [OTL Restore Point - 1/31/2015 11:33:43 AM | 01/31/2015 16:33:57]
Deleted : RP #1179 [Installed Microsoft Fix it 50405 | 01/31/2015 17:04:30]
Deleted : RP #1180 [Installed DirectX | 01/31/2015 20:59:23]
Deleted : RP #1181 [Installed DirectX | 01/31/2015 21:21:15]
Deleted : RP #1182 [Installed DirectX | 01/31/2015 21:52:22]
Deleted : RP #1183 [Installed DirectX | 01/31/2015 22:22:59]
Deleted : RP #1184 [avast! antivirus system restore point | 01/31/2015 22:45:30]
Deleted : RP #1185 [Installed DirectX | 01/31/2015 23:14:04]
Deleted : RP #1186 [avast! antivirus system restore point | 02/01/2015 00:32:22]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Is it ok for me to also delete .exe files on desktop such as VEW and avg_remover etc?


----------



## BrianDrab (Oct 22, 2014)

OK! Well done, your computer is clean again!







Part of our job here is to help you clean your computer. But beyond that, and just as important, is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. So if there is nothing else you need, following is that information. Thank you so much for sticking with me.

*1. Antimalware - Preventative*
*Note*: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.

*2. Crypto Warning!!!! - Complete Data Loss can occur!*
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
New strains of this are coming out all the time. In fact a very new strain called VirRansom (which is a hybrid of CryptoLocker and CryptoWall) has recently been identified and it's a true self-replicating parasitic virus.


*Download* CryptoPrevent *free* for home use here following the instructions below.
*Save* the file to your *desktop* from the link above and then *open* the program by clicking *Run* when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
Accept all the defaults during the install. The last screen of the install has a checkmark in "*Launch CryptoPrevent*". This is good and will launch the program once you click *Finish*.
You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer *No*.
You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
You will then be prompted to apply all default protections. Answer *Yes*.
You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.










*3. Firewall - Preventative*
Next let's look at Firewalls. These help to prevent unauthorized access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. If you have at least Windows Vista then the built-in Windows firewall is fine. If you are still using Windows XP, you should download a firewall. A recommended one is below. NOTE: Microsoft Support for Windows XP ends April 8, 2014. If you are still using this operating system you may want to make plans to upgrade. Microsoft will no longer provide windows updates for this operating system after this date which will make it more vulnerable than it is today.

*OnLine-Armour* _Note: By default Emsisoft Online Armor installs as a free fully functional 30 day trial version. After the trial period you can either choose to buy a full version license or switch to the limited freeware mode._
*Agnitum - Outpost free* _Note: Scroll down to *Free Outpost Products* and *Outpost Firewall Free*._

For more information about computer security and how to protect yourself when on the internet, please read this guide *Best Practices for Safe Computing*

OK, all the best, and stay safe!


----------



## cherdon (Feb 10, 2009)

I can't thank you enough Brian for sticking with me and helping me get this computer malware free..you literally spent days on this and your hard work is much appreciated..Have a wonderful evening..what's left of it


----------



## BrianDrab (Oct 22, 2014)

No problem at all. Yes you can delete those. That was in my instructions I posted in the Cleanup step. You may want to refer back to those.


----------



## cherdon (Feb 10, 2009)

I realized that and edited to remove but i guess i was too late..tks


----------

