superhawk

  1. I followed the above and let it run for 8 hours. It would not stop, so I shut down the computer and followed the instructions again. After another eight hours, it was still running, so, again, I shut down and re-started the computer. There is no change. I really do appreciate your trying to help, but it is not worth any more time. My neighbor says he can use some of the good parts and throw away the bad. When I can afford it, I will just buy a new computer and not download anything into it. Thank you, again. I do not have PayPal. Is there somewhere I can send a money order? I will keep this running for two days for your reply. Thank you, again, and have a Merry Christmas.
  2. Nothing has changed. I tried (again) to delete 'A Youtube Downloader Free.dll' and 'A Youtube Downloader Free.xpi' but am still not able. My Firefox homepage is still 'apype.com' with 'www.search.starburnsoftware.com' in the address bar. After running the OTL (per your instructions) it left an OTL.Txt, but not an Extras.Txt. I searched, but could not find the 'Extras', so I ran the program again, with the same results; no 'Extras.Txt'. Here is the OTL log it gave me:
Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2011/10/25 07:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD} [2012/03/12 01:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft [2012/06/06 22:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.oit [2012/03/26 19:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics [2012/03/05 08:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings [2012/01/15 00:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner [2012/12/02 22:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure [2012/10/29 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Forte [2011/10/21 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM [2012/09/07 07:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FVD Suite [2012/09/12 08:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft [2012/10/29 16:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GrabIt [2012/05/31 19:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch [2012/06/06 14:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nuance [2012/06/24 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OverDrive [2012/12/02 22:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic [2011/10/19 17:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView [2012/10/27 19:37:54 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Owner\Application Data\SystemRequirementsLab [2012/04/04 10:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard [2011/10/31 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird [2012/10/17 11:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom [2012/12/03 14:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent [2012/11/28 19:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso [2012/06/06 14:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\RHDSetup.log:SummaryInformation @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD9CE1F3 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B < End of report > I appreciate your patience, but if this does not work, I think it is time to scrap this computer. I bought it cheap/used from a neighbor and do not need a computer bad enough to fight with it.
  3. Here is the log AdwCleaner[s1]:

     # AdwCleaner v2.100 - Logfile created 12/11/2012 at 11:43:36
     # Updated 09/12/2012 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
     # User : Owner - COMPUTER
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\Owner\desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Application Updater
     Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

     ***** [internet Browsers] *****

     -\\ Internet Explorer v7.0.6000.16544

     [OK] Registry is clean.

     -\\ Mozilla Firefox v17.0.1 (en-US)

     Profile name : default
     File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\prefs.js

     [OK] File is clean.

     -\\ Google Chrome v [unable to get version]

     File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [1606 octets] - [10/12/2012 23:38:46]
     AdwCleaner[s1].txt - [1554 octets] - [11/12/2012 11:43:36]

     ########## EOF - C:\AdwCleaner[s1].txt - [1614 octets] ##########
  4. Restarting did not change anything. Here is the log from AdwCleaner:

     # AdwCleaner v2.100 - Logfile created 12/10/2012 at 23:38:46
     # Updated 09/12/2012 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
     # User : Owner - COMPUTER
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\Owner\desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     Folder Found : C:\Documents and Settings\Owner\Application Data\Application Updater
     Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
     Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam

     ***** [Registry] *****

     Key Found : HKCU\Software\Conduit
     Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

     ***** [internet Browsers] *****

     -\\ Internet Explorer v7.0.6000.16544

     [OK] Registry is clean.

     -\\ Mozilla Firefox v17.0.1 (en-US)

     Profile name : default
     File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\prefs.js

     [OK] File is clean.

     -\\ Google Chrome v [unable to get version]

     File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [1477 octets] - [10/12/2012 23:38:46]

     ########## EOF - C:\AdwCleaner[R1].txt - [1537 octets] ##########
  5. My FireFox 'home' page is still http://apype.com with starburnsoftware.com in the address bar and the extra toolbar is still here (Google Custom Search, 'Save video', and 'Save mp3'). Nothing seems to have changed. Do I need to re-start the computer?
  6. The log: ComboFix 12-12-07.01 - Owner 12/09/2012 17:47:54.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.360 [GMT -5:00] Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 ))))))))))))))))))))))))))))))) . . 2012-12-08 21:06 . 2012-12-08 23:30 -------- d-----w- c:\program files\Mozilla Thunderbird 2012-12-07 02:37 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll 2012-12-06 02:04 . 2012-12-06 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2012-12-03 18:58 . 2012-12-03 18:58 -------- d-----w- c:\program files\EUSING~1 2012-12-03 03:04 . 2012-12-03 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure 2012-12-03 03:04 . 2012-12-03 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic 2012-12-03 03:04 . 2012-12-03 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2012-12-02 14:23 . 2012-12-05 01:40 -------- d-----w- c:\program files\A Youtube Downloader Free . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 23:51 . 2011-10-30 22:45 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 23:51 . 2011-10-30 22:45 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 23:51 . 2011-10-30 22:45 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 23:51 . 2011-10-30 22:45 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 23:51 . 2011-10-30 22:45 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-10-30 23:51 . 
2011-10-30 22:45 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-10-30 23:51 . 2011-10-30 22:45 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 23:51 . 2011-10-30 22:45 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-10-30 23:51 . 2011-10-30 22:45 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 23:50 . 2011-10-30 22:45 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-09 04:13 . 2012-03-28 23:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 04:13 . 2012-01-07 00:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 23:54 . 2012-03-26 20:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 19:32 . 2012-06-24 20:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 19:32 . 2011-11-08 13:35 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 17:51 . 2011-10-19 22:34 73728 ----a-w- c:\windows\system32\javacpl.cpl 1998-07-20 07:47 . 2012-01-15 01:22 605184 ----a-w- c:\program files\LLI32.DLL 1998-07-20 07:47 . 2012-01-15 01:22 173568 ----a-w- c:\program files\LLO32.DLL 1998-06-09 02:00 . 2012-01-15 01:22 244984 ----a-w- c:\program files\TUTIL32.DLL 1997-07-23 11:01 . 2012-01-15 01:22 314880 ----a-w- c:\program files\TX32.DLL 1997-07-21 23:11 . 2012-01-15 01:22 238080 ----a-w- c:\program files\TX4OLE.OCX 1997-07-21 07:31 . 2012-01-15 01:22 66560 ----a-w- c:\program files\TXTLS32.DLL 1997-07-21 07:22 . 2012-01-15 01:22 48128 ----a-w- c:\program files\WNDTLS32.DLL 2012-12-08 04:25 . 2012-12-08 04:24 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CHotkey"="zHotkey.exe" [2006-11-07 547840] "ShowWnd"="ShowWnd.exe" [2005-01-27 36864] "ModPS2"="ModPS2Key.exe" [2006-11-07 53248] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "PDFProHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2011-07-01 607592] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 30568] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 46952] "PPort14reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" 
[2011-05-16 333088] "PDFCreHook"="c:\program files\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-06-28 605032] "PDF7 Registry Controller"="c:\program files\Nuance\PDF Create 7\RegistryController.exe" [2011-06-28 140136] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "A Youtube Downloader Free_Helper"="c:\program files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe" [2012-09-27 1434112] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336] HPAiODevice(hp officejet v series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe [2002-4-25 487487] ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe [2011-10-29 487424] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\VSO\\VSO Downloader\\2\\VsoDownloader.exe"= "c:\\Program Files\\FVD Suite\\FVD Downloader\\FVD Downloader.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "50000:UDP"= 50000:UDP:IHA_MessageCenter . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/30/2011 5:45 PM 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/30/2011 5:45 PM 361032] R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?] 
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/30/2011 5:45 PM 21256] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/19/2012 7:44 PM 352248] R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/18/2012 8:01 AM 399432] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2012 3:53 PM 676936] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 7:45 PM 35088] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [8/13/2011 12:50 PM 138600] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 5:11 AM 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 5:11 AM 185640] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/28/2012 6:41 AM 92632] R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 6:53 PM 11237] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2012 3:52 PM 22856] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/20/2011 1:45 PM 47360] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [10/19/2011 4:49 PM 69692] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] S3 xcbdaNtsc;ASUS PHC3-100 (NTSC);c:\windows\system32\drivers\xcbda.sys [10/25/2011 7:54 AM 157568] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - SYSMONLOG . 
Contents of the 'Scheduled Tasks' folder . 2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 04:13] . 2012-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-12-07 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job - c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-12 15:30] . 2012-12-09 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-01 23:50] . 2012-12-07 c:\windows\Tasks\GlaryInitialize.job - g:\program files\Glary Utilities\initialize.exe [2012-09-12 12:46] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local> IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Create PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Open with PDF Viewer 7 - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\ FF - ExtSQL: 2012-10-17 13:43; 
{20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: 2012-12-02 11:18; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-09 17:55 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . C:\avast! sandbox . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(984) c:\program files\SUPERAntiSpyware\SASWINLO.dll . - - - - - - - > 'explorer.exe'(3360) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-12-09 17:57:30 ComboFix-quarantined-files.txt 2012-12-09 22:57 ComboFix2.txt 2012-12-07 22:26 . Pre-Run: 39,785,086,976 bytes free Post-Run: 39,771,439,104 bytes free . - - End Of File - - 0946BF20F31BED14FAC75E3F7771FF9A
  7. I am sorry to bother you again, but there are two (2) folders, in the 'windows' section, that start with $NtServicePackUninstall. One ends with 'IDNMitigationAPI$', and the other ends with 'NLSDownlevelMapping$'. Is it one of these?
  8. My System Restore screen offers 'OK', 'Cancel', and 'Apply'. It says that it is 'Monitoring' the 'C' drive, but I do not see where I can 'make' a restore point. I'm sorry. Should I continue with the rest?
  9. Also, my neighbor said I have 3 'drives' in this computer that did not come with it when it was new. He looked through them and said they have nothing that I need. He can remove them if that helps (He said he can clean (?) them and use them on his computer). Thanks.
  10. I removed the 'SuperAntiSpyware' in the 'Add/Remove' area, but it left everything in the folder so I deleted everything in the folder 'except' 'SASCTXMN.DLL' and 'SASWINLO.dll'. The computer would not allow me to delete them. Without the 'SuperAntiSpyware', will people be looking in my computer? Should I buy something for that? Here are the files/logs. CKScanner:

      CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
      c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
      c:\program files\emachines games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
      c:\program files\musicmatch\musicmatch jukebox\crypt.dll
      c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
      scanner sequence 3.CA.11.DRCPTT
      ----- EOF -----

      attach.txt
      dds.txt
  11. This is a 'used' computer and I have no need for most of the software in it. Tell me which ones and how to delete them.
  12. Here are the results. CKScanner Report:

      CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
      c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
      c:\program files\emachines games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
      c:\program files\musicmatch\musicmatch jukebox\crypt.dll
      c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
      c:\program files\superantispyware\crack.exe
      c:\program files\superantispyware\crack\crack.exe
      c:\program files\superantispyware\crack\desktop.ini
      scanner sequence 3.FA.11.SHNAIO
      ----- EOF -----

      MGA Diagnostic Report.txt
  13. I ran the program and have the results. Thank you for your patience. TDSSKiller.2.8.15.0_04.12.2012_23.51.50_log.txt