Hello and Merry Christmas.

I've used Spybot, Microsoft Security Essentials, and Malwarebytes scans. Only Malwarebytes found any threats (25), which I quarantined.

However, after the Malwarebytes scan, I'm still getting redirects from akamaihd.net, onlinewebfind.com, and cts.lipilextrack.com. And now a new one: go.webfind.pw

I think akamaihd may be the main "bad boy". I found it attached to some of my Macromedia Flash folders. Microsoft Security Essentials recognizes akamai.downloads as a trojan threat, but akamaihd.net isn't included in their definitions.

Anything you could do to help me would be greatly appreciated.

Here are my logs:

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Elaine at 14:23:25 on 2013-12-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3325.2170 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Calibre Inc\xConnect\xConnect.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MR APP\MRAPP.Event.Service.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MR APP\MRAPP.UI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRA~1\CALIBR~1\xConnect\IrButler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.

uWindow Title = Microsoft Internet Explorer provided by Verizon Online


uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002


uProxyServer = hxxp=127.0.0.1:16110;https=127.0.0.1:16110;



BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sFP] c:\program files\common files\verizon online\sfp\vzSFPWin.EXE /s
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\elaine\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [shwiconXP6377] c:\program files\multimedia card reader(6337)\ShwiconX.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [zzzHPSETUP] F:\Setup.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunServicesOnce: [xSendReg] c:\program files\calibre inc\printconnect\xSendReg.exe PrintConnect
StartupFolder: c:\docume~1\elaine\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\elaine\startm~1\programs\startup\xconnect.lnk - c:\program files\calibre inc\xconnect\xConnect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lumixs~1.lnk - c:\program files\panasonic\lumixsimpleviewer\PhLeAutoRun.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~2.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verizo~2.lnk - c:\program files\verizon online\supportcenter\bin\matcli.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 nwprovau
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\elaine\applic~1\mozilla\firefox\profiles\mdjqifxb.default\


FF - prefs.js: keyword.enabled - false
FF - component: c:\documents and settings\elaine\application data\mozilla\firefox\profiles\mdjqifxb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\elaine\application data\mozilla\firefox\profiles\mdjqifxb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\elaine\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\elaine\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\elaine\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\elaine\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-07-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 214696]
R1 MpKsl826c1df0;MpKsl826c1df0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef44ccb2-c6a6-48bd-b229-3a591d647e53}\MpKsl826c1df0.sys [2013-12-25 40392]
R2 EventService;MR APP Event Service;c:\program files\mr app\MRAPP.Event.Service.exe [2013-12-4 31744]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-2 206120]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2012-3-10 2749736]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-9-8 5071712]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-2 185640]
R2 TransferService;MR APP Transfer Service;c:\program files\mr app\MRAPP.Transfer.Service.exe [2013-12-4 31232]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2013-3-6 18864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
.
=============== Created Last 30 ================
.
2013-12-25 18:32:51    891200    ----a-w-    c:\program files\SecurityCheck.exe
2013-12-25 18:03:48    688992    ------r-    c:\program files\dds.com
2013-12-25 15:59:02    40392    ----a-w-    c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\{ef44ccb2-c6a6-48bd-b229-3a591d647e53}\MpKsl826c1df0.sys
2013-12-24 23:01:17    7760024    ----a-w-    c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\{ef44ccb2-c6a6-48bd-b229-3a591d647e53}\mpengine.dll
2013-12-24 16:59:28    7760024    ----a-w-    c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-23 22:06:42    388608    ----a-w-    c:\program files\HijackThis.exe
2013-12-23 21:32:51    2994416    ----a-w-    c:\program files\PCHealthBoost-Setup.exe
2013-12-20 03:52:54    --------    d-----w-    c:\program files\MR APP
2013-11-28 14:24:05    --------    d-----w-    c:\program files\iPod
2013-11-28 14:24:00    --------    d-----w-    c:\program files\iTunes
2013-11-28 14:24:00    --------    d-----w-    c:\docume~1\alluse~1\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2013-12-22 22:55:49    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-22 22:55:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21:30    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57:34    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57:33    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 07:57:33    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-23 23:45:49    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-08 12:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 12:29:36    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-28 15:24:25    1409    ----a-w-    c:\windows\system32\tmpF40EC.FOT
2013-09-28 15:24:25    1409    ----a-w-    c:\windows\system32\tmpC2EDC.FOT
2013-09-28 15:24:25    1409    ----a-w-    c:\windows\system32\tmp62FDC.FOT
2013-09-28 15:24:25    1409    ----a-w-    c:\windows\system32\tmp47FDC.FOT
2013-09-28 15:24:25    1409    ----a-w-    c:\windows\system32\tmp2DFDC.FOT
2013-09-28 15:24:25    1409    ----a-w-    c:\windows\system32\tmp010EC.FOT
2013-09-27 14:53:06    214696    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-13 21:57:10    913832    ----a-w-    c:\program files\jxpiinstall.exe
2013-07-31 01:09:36    72008    ----a-w-    c:\program files\VuzeBittorrentClientInstaller.exe
2013-07-04 21:40:00    280136    ----a-w-    c:\program files\Firefox Setup Stub 22.0.exe
2013-06-25 16:52:17    11492440    ----a-w-    c:\program files\eri_setup_109037324566.exe
2013-05-04 21:58:00    2138776    ----a-w-    c:\program files\install_flashplayer11x32au_mssa_aih.exe
2013-04-04 20:50:45    3403304    ----a-w-    c:\program files\WindowsXP-KB955704-x86-ENU.exe
2013-03-26 23:50:02    774616    ----a-w-    c:\program files\GoogleEarthPluginSetup.exe
2012-12-07 12:13:44    3461001    ----a-w-    c:\program files\raw_thumbnail_viewer.exe
2012-12-05 18:18:05    6104576    ----a-w-    c:\program files\MicrosoftCodecPack_x86.msi
2012-03-12 21:58:28    1606064    ----a-w-    c:\program files\googletalk-setup.exe
2012-03-11 02:09:12    7615784    ----a-w-    c:\program files\PenTablet_510-4.exe
2012-02-24 15:47:39    1283704    ----a-w-    c:\program files\couponprinter.exe
2012-01-27 19:42:33    1681792    ----a-w-    c:\program files\AVG_ClickNFix_178562_en_US.exe
2012-01-27 09:40:09    3968544    ----a-w-    c:\program files\avg_free_stb_all_2012_1901_cnet.exe
2011-07-16 12:51:25    1346560    ----a-w-    c:\program files\sdfv2003.exe
2011-07-06 15:35:12    3085984    ----a-w-    c:\program files\install_flash_player.exe
2010-12-25 22:52:43    7466152    ----a-w-    c:\program files\Opera_1100_en_Setup.exe
2010-12-01 17:48:31    1364522    ----a-w-    c:\program files\wrar393.exe
2010-11-24 03:27:20    7237808    ----a-w-    c:\program files\registrybooster(2).exe
2010-10-24 12:16:47    7462536    ----a-w-    c:\program files\avg_pct_stf_all_2011_22_c5.exe
2010-10-24 09:47:33    4290744    ----a-w-    c:\program files\avg_free_stb_all_2011_1136_upgrade.exe
2010-10-15 19:10:11    9422848    ----a-w-    c:\program files\VzInHomeAgentInstaller.msi
2010-09-10 16:12:24    567640    ----a-w-    c:\program files\GoogleVoiceAndVideoSetup.exe
2010-09-04 15:58:05    7493632    ----a-w-    c:\program files\Login-Recovery.exe
2010-04-05 00:29:22    835712    ----a-w-    c:\program files\cardrecovery_setup.exe
2010-02-19 15:27:55    2006621    ----a-w-    c:\program files\u9idat252zx.bin
2010-02-19 15:27:23    113488    ----a-w-    c:\program files\u9ichjw4qt.bin
2010-02-19 15:27:04    567456    ----a-w-    c:\program files\u9ifw57en.bin
2010-02-19 15:26:50    2489378    ----a-w-    c:\program files\x8all279kj.bin
2010-02-19 15:07:46    64213381    ----a-w-    c:\program files\w9all733vq.bin
2010-02-19 14:37:01    56173018    ----a-w-    c:\program files\u9iavi2697mh.bin
2010-02-19 14:26:32    6685013    ----a-w-    c:\program files\u7avi18567.bin
2009-04-01 03:05:31    16883056    ----a-w-    c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-11-12 15:46:14    2020680    ----a-w-    c:\program files\setupKodakforIEupload.exe
2008-10-15 13:34:47    22380328    ----a-w-    c:\program files\SkypeSetup.exe
2008-10-11 11:22:39    4540161    ----a-w-    c:\program files\PS_41.exe
2008-10-11 08:35:28    15083520    ----a-w-    c:\program files\spybotsd160.exe
2007-03-01 07:29:43    126976    ----a-w-    c:\program files\asneu.dll
2000-10-12 15:39:02    1023143    ----a-w-    c:\program files\fo-ec4.exe
1997-11-21 13:14:00    8844185    ----a-w-    c:\program files\homesite3_dw.exe
.
============= FINISH: 14:28:41.04 ===============
 

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/8/2008 10:38:53 PM
System Uptime: 12/25/2013 10:57:18 AM (4 hours ago)
.
Motherboard: Dell Inc |  | 0PP150
Processor: Intel Pentium III Xeon processor | Socket 775 | 3000/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 416.615 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 142.841 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_AGPCPQ\SOFTWARE
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_AGPCPQ\SOFTWARE
Service:
.
==== System Restore Points ===================
.
RP1550: 9/27/2013 7:51:07 AM - Software Distribution Service 3.0
RP1551: 9/28/2013 7:52:09 AM - Software Distribution Service 3.0
RP1552: 9/29/2013 1:58:36 AM - Software Distribution Service 3.0
RP1553: 9/29/2013 7:51:52 AM - Software Distribution Service 3.0
RP1554: 9/30/2013 7:51:33 AM - Software Distribution Service 3.0
RP1555: 10/1/2013 7:51:12 AM - Software Distribution Service 3.0
RP1556: 10/2/2013 7:50:52 AM - Software Distribution Service 3.0
RP1557: 10/3/2013 7:50:56 AM - Software Distribution Service 3.0
RP1558: 10/4/2013 7:50:56 AM - Software Distribution Service 3.0
RP1559: 10/5/2013 7:51:02 AM - Software Distribution Service 3.0
RP1560: 10/6/2013 1:44:59 AM - Software Distribution Service 3.0
RP1561: 10/6/2013 6:48:08 PM - Software Distribution Service 3.0
RP1562: 10/7/2013 6:47:34 PM - Software Distribution Service 3.0
RP1563: 10/8/2013 6:49:22 PM - Software Distribution Service 3.0
RP1564: 10/9/2013 6:50:51 PM - Software Distribution Service 3.0
RP1565: 10/10/2013 6:50:24 PM - Software Distribution Service 3.0
RP1566: 10/11/2013 3:00:17 AM - Software Distribution Service 3.0
RP1567: 10/12/2013 3:34:14 AM - System Checkpoint
RP1568: 10/12/2013 3:41:47 AM - Software Distribution Service 3.0
RP1569: 10/13/2013 1:33:46 AM - Software Distribution Service 3.0
RP1570: 10/13/2013 3:40:24 AM - Software Distribution Service 3.0
RP1571: 10/14/2013 3:00:15 AM - Software Distribution Service 3.0
RP1572: 10/14/2013 3:40:24 AM - Software Distribution Service 3.0
RP1573: 10/15/2013 3:40:33 AM - Software Distribution Service 3.0
RP1574: 10/16/2013 3:00:14 AM - Software Distribution Service 3.0
RP1575: 10/17/2013 3:29:15 AM - Software Distribution Service 3.0
RP1576: 10/18/2013 3:28:58 AM - Software Distribution Service 3.0
RP1577: 10/19/2013 3:29:09 AM - Software Distribution Service 3.0
RP1578: 10/20/2013 2:05:55 AM - Software Distribution Service 3.0
RP1579: 10/20/2013 3:28:59 AM - Software Distribution Service 3.0
RP1580: 10/21/2013 3:28:31 AM - Software Distribution Service 3.0
RP1581: 10/22/2013 3:28:29 AM - Software Distribution Service 3.0
RP1582: 10/23/2013 3:28:40 AM - Software Distribution Service 3.0
RP1583: 10/24/2013 3:28:36 AM - Software Distribution Service 3.0
RP1584: 10/25/2013 3:29:27 AM - Software Distribution Service 3.0
RP1585: 10/26/2013 3:28:49 AM - Software Distribution Service 3.0
RP1586: 10/27/2013 2:05:39 AM - Software Distribution Service 3.0
RP1587: 10/27/2013 3:28:37 AM - Software Distribution Service 3.0
RP1588: 10/28/2013 3:28:33 AM - Software Distribution Service 3.0
RP1589: 10/29/2013 3:28:01 AM - Software Distribution Service 3.0
RP1590: 10/30/2013 3:28:03 AM - Software Distribution Service 3.0
RP1591: 10/31/2013 3:28:06 AM - Software Distribution Service 3.0
RP1592: 11/1/2013 3:27:21 AM - Software Distribution Service 3.0
RP1593: 11/2/2013 3:28:05 AM - Software Distribution Service 3.0
RP1594: 11/3/2013 2:06:36 AM - Software Distribution Service 3.0
RP1595: 11/4/2013 2:21:24 AM - System Checkpoint
RP1596: 11/4/2013 2:28:07 AM - Software Distribution Service 3.0
RP1597: 11/5/2013 2:26:51 AM - Software Distribution Service 3.0
RP1598: 11/6/2013 2:27:41 AM - Software Distribution Service 3.0
RP1599: 11/6/2013 4:58:19 PM - Installed Java 7 Update 45
RP1600: 11/7/2013 2:27:44 AM - Software Distribution Service 3.0
RP1601: 11/8/2013 2:27:37 AM - Software Distribution Service 3.0
RP1602: 11/9/2013 2:27:40 AM - Software Distribution Service 3.0
RP1603: 11/10/2013 2:06:13 AM - Software Distribution Service 3.0
RP1604: 11/11/2013 2:20:57 AM - System Checkpoint
RP1605: 11/11/2013 2:27:48 AM - Software Distribution Service 3.0
RP1606: 11/12/2013 2:27:23 AM - Software Distribution Service 3.0
RP1607: 11/13/2013 2:33:03 AM - Software Distribution Service 3.0
RP1608: 11/13/2013 3:00:18 AM - Software Distribution Service 3.0
RP1609: 11/14/2013 3:32:07 AM - Software Distribution Service 3.0
RP1610: 11/15/2013 3:31:58 AM - Software Distribution Service 3.0
RP1611: 11/16/2013 3:31:55 AM - Software Distribution Service 3.0
RP1612: 11/17/2013 1:58:51 AM - Software Distribution Service 3.0
RP1613: 11/18/2013 10:51:23 AM - System Checkpoint
RP1614: 11/19/2013 11:25:17 AM - System Checkpoint
RP1615: 11/20/2013 12:25:17 PM - System Checkpoint
RP1616: 11/21/2013 12:45:44 PM - System Checkpoint
RP1617: 11/22/2013 3:00:14 AM - Software Distribution Service 3.0
RP1618: 11/22/2013 3:12:31 AM - Software Distribution Service 3.0
RP1619: 11/23/2013 3:12:26 AM - Software Distribution Service 3.0
RP1620: 11/24/2013 1:59:48 AM - Software Distribution Service 3.0
RP1621: 11/24/2013 3:11:54 AM - Software Distribution Service 3.0
RP1622: 11/25/2013 3:12:35 AM - Software Distribution Service 3.0
RP1623: 11/26/2013 3:12:02 AM - Software Distribution Service 3.0
RP1624: 11/27/2013 3:12:00 AM - Software Distribution Service 3.0
RP1625: 11/28/2013 3:12:04 AM - Software Distribution Service 3.0
RP1626: 11/29/2013 3:11:58 AM - Software Distribution Service 3.0
RP1627: 11/30/2013 3:11:53 AM - Software Distribution Service 3.0
RP1628: 12/1/2013 1:59:33 AM - Software Distribution Service 3.0
RP1629: 12/2/2013 2:24:20 AM - System Checkpoint
RP1630: 12/2/2013 3:11:21 AM - Software Distribution Service 3.0
RP1631: 12/3/2013 3:11:20 AM - Software Distribution Service 3.0
RP1632: 12/4/2013 3:11:15 AM - Software Distribution Service 3.0
RP1633: 12/5/2013 3:11:14 AM - Software Distribution Service 3.0
RP1634: 12/6/2013 3:11:20 AM - Software Distribution Service 3.0
RP1635: 12/7/2013 3:12:07 AM - Software Distribution Service 3.0
RP1636: 12/8/2013 1:59:04 AM - Software Distribution Service 3.0
RP1637: 12/8/2013 3:10:50 AM - Software Distribution Service 3.0
RP1638: 12/9/2013 3:10:44 AM - Software Distribution Service 3.0
RP1639: 12/10/2013 3:10:57 AM - Software Distribution Service 3.0
RP1640: 12/11/2013 3:11:55 AM - Software Distribution Service 3.0
RP1641: 12/12/2013 3:00:18 AM - Software Distribution Service 3.0
RP1642: 12/12/2013 3:31:30 AM - Software Distribution Service 3.0
RP1643: 12/13/2013 3:00:18 AM - Software Distribution Service 3.0
RP1644: 12/13/2013 3:32:29 AM - Software Distribution Service 3.0
RP1645: 12/14/2013 3:32:14 AM - Software Distribution Service 3.0
RP1646: 12/15/2013 2:01:29 AM - Software Distribution Service 3.0
RP1647: 12/15/2013 3:32:14 AM - Software Distribution Service 3.0
RP1648: 12/16/2013 3:32:37 AM - Software Distribution Service 3.0
RP1649: 12/17/2013 3:32:17 AM - Software Distribution Service 3.0
RP1650: 12/18/2013 3:31:58 AM - Software Distribution Service 3.0
RP1651: 12/19/2013 3:32:05 AM - Software Distribution Service 3.0
RP1652: 12/20/2013 3:32:25 AM - Software Distribution Service 3.0
RP1653: 12/21/2013 3:32:41 AM - Software Distribution Service 3.0
RP1654: 12/22/2013 2:01:43 AM - Software Distribution Service 3.0
RP1655: 12/22/2013 4:33:22 PM - Software Distribution Service 3.0
RP1656: 12/22/2013 5:45:21 PM - Malware trouble
RP1657: 12/22/2013 5:51:24 PM - Restore Operation
RP1658: 12/23/2013 6:02:03 PM - Software Distribution Service 3.0
RP1659: 12/24/2013 11:59:26 AM - Software Distribution Service 3.0
RP1660: 12/24/2013 6:01:16 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Lightroom
Adobe Reader XI (11.0.05)
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Auslogics DiskDefrag
Avery DesignPro
AVG PC Tuneup 2011
Bonjour
Browser Address Error Redirector
CardRecovery 5.30
CCleaner
Core FTP LE 2.1
Coupon Printer for Windows
Dell Support Center
Dell System Restore
Dell Video Chat (remove only)
Documentation & Support Launcher
Driver Detective
Dynex mini card reader
e-Rewards Notify
ExtractNow
Eye Candy 4000
G-Force
Games, Music, & Photos Launcher
Google Desktop
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
hp photosmart printer series (Remove only)
HP Precisionscan Pro 3.1
HP Share-to-Web
Internet Service Offers Launcher
iTunes
Java 7 Update 45
Java Auto Updater
KODAK Gallery Upload Software
LUMIX Simple Viewer
MagicDisc 2.7.101
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 6.0 Parser (KB927977)
Musicmatch for Windows Media Player
Nikon Scan
NVIDIA Drivers
NVIDIA Performance
NVIDIA System Monitor
OpenOffice 4.0.0
Opera 11.00
Pen Tablet
PHOTOfunSTUDIO -viewer-
PHOTOfunSTUDIO 6.2 HD Edition
PHOTOfunSTUDIO 8.3 PE
PowerDVD DX
PrintConnect
QuickTime
RAW Thumbnail Viewer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SDFormatter
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB950759)
Seesmic Desktop
SILKYPIX Developer Studio 2.0 SE
Skype Click to Call
Skype™ 6.11
Spreadtweet2007
Spybot - Search & Destroy
TeamViewer 8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Verizon Download Manager
Verizon Online Support Center
Vz In Home Agent
WebFldrs XP
weDownload Manager
WhiteCap
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
WinPatrol
WinRAR archiver
xConnect
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
.
==== End Of File ===========================
 


Hello elaineh and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Coupon printer for windows uninstalled.

 

___________________________________________________________________________________________

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Elaine on Thu 12/26/2013 at 19:57:15.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services


~~~ Registry Values


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}


~~~ Files


~~~ Folders


~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\user.js
Successfully deleted: [Folder] C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com
Successfully deleted the following from C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\prefs.js


user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3290538");

user_pref("browser.search.defaultthis.engineName", "SafeMonitor Bar 3 Customized Web Search");


user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_css.expiration", "Fri Dec 27 2013 12:16:32 GMT-
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdi
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.expiration", "Thu Jan 02 2014 19:07
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.expiration", "Thu Dec 26 2013 20:31:29
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A34344%2C%22a
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.description", "Enhance your search results with direct download links and
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3
user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_resource_335479.value", "%22.crossrider-nofity-34345
user_pref("extensions.crossrider.bic", "140e024653688d313d0b106ec94f27d7");
user_pref("extensions.dynconff.JS.3161502D.805898964 friends", "%7B%221677515146%22%3A%7B%22uid%22%3A1677515146%2C%22photo%22%3A%22hxxp%3A//profile.ak.fbcdn.net/hprofile-ak-as
user_pref("extensions.dynconff.JS.CD1C3ECF.805898964 friends", "%7B%221677515146%22%3A%7B%22uid%22%3A1677515146%2C%22photo%22%3A%22hxxp%3A//profile.ak.fbcdn.net/hprofile-ak-as
user_pref("extensions.dynconff.cache.d11vdn9ox0j18d.cloudfront.net.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1146_1348_1427_1482_1493\"><content id
user_pref("extensions.dynconff.cache.deathnotices.michigan.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><cont
user_pref("extensions.dynconff.cache.mail.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1146_1348_1427_1482_1493\"><content id=\"puConfig_20
user_pref("extensions.dynconff.cache.news.liveandinvestoverseas.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\">
user_pref("extensions.dynconff.cache.safemonitorbar3.ourtoolbar.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\">
user_pref("extensions.dynconff.cache.vsjcxomm.bounceme.net.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content
user_pref("extensions.dynconff.cache.www.bing.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1246_1169_1146_1247_1348_1427_1482_1493\"><content id=\"puCo
user_pref("extensions.dynconff.cache.www.e-miles.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\"p
user_pref("extensions.dynconff.cache.www.e-rewards.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\
user_pref("extensions.dynconff.cache.www.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1146_1348_1427_1482_1493\"><content id=\"puConfig_205
user_pref("extensions.dynconff.cache.www.ifaw.org.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\"puCo
user_pref("extensions.dynconff.cache.www.linkedin.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\"

user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013100419");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm003^YYA^us");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CLan3fev_rkCFYWd4Aod8CIAqw");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "85464FB8-735B-4292-9FCA-F440FC596E47");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1381206051361");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "Unmanned aircraft||Unmanned aircraft: technology and internet conn||Within Temptation ft. Tarja");
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");






user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/


user_pref("google.toolbar.trseenlist", "j5ul8WWkHbceR0HCsU5ZAQ==,1pDxX0SxXGafbvUyRZ279g==,JjoBv9/SU3QFS4mLmvLyPg==,dUmjpN0AGe4j6UXkOcF82w==,1KHiUfuU9OIFhkJ/UmiWgg==,2XxG74vy8P
user_pref("plugin.state.npconduitfirefoxplugin", 0);
user_pref("smartbar.machineId", "5FCTD9PFJZKHS2MKEKHK86CGY22LL0B1XSHAS0Y8BVIZQMFP17JDIRQIQ9IYN94FNS5PW2DUQPAPLLZJH/VH6G");
Emptied folder: C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\minidumps [5 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/26/2013 at 19:59:37.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

________________________________________________________________________________________________

 

 

# AdwCleaner v3.016 - Report created 27/12/2013 at 02:21:45
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Elaine - MANHATTAN
# Running from : C:\Documents and Settings\Elaine\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Elaine\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Elaine\Application Data\Mysearchdial
Folder Deleted : C:\Documents and Settings\Elaine\Application Data\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Documents and Settings\Elaine\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk
File Deleted : C:\Documents and Settings\Elaine\Desktop\MySearchDial.url
File Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\user.js
File Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\prefs.js ]

Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1202");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0E0CzyyD0CtB0D0E0EtAtDyE0CtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "912696349");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "001EC95C2DEE304C");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16066");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.01:57:1");

*************************

AdwCleaner[R0].txt - [9089 octets] - [27/12/2013 02:17:17]
AdwCleaner[s0].txt - [8803 octets] - [27/12/2013 02:21:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8863 octets] ##########

 

______________________________________________________________________________________________

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.27.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Elaine :: MANHATTAN [administrator]

12/27/2013 2:28:42 AM
mbam-log-2013-12-27 (02-28-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237517
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F325945D-DAFE-4312-95D8-1913AEB1D810} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
HKCR\Interface\{4318395F-DFF1-48AF-B5F0-958E93D16D56} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files\Jump Flip\JumpFlipBHO.dll (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elaine\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)

 

___________________________________________________________________________________________________

I had to uninstall Microsoft Security Essentials to follow your instructions. Which anti-virus program should I be using? Is there a better one?

 

As far as firewalls are concerned, I'm using the Microsoft one, and I'm also operating this computer through a Linksys router. It is my understanding (correct me if I'm wrong) that the Microsoft firewall does the same thing as a router. I had Kerio on an older computer, and I loved it. I always knew EXACTLY what was going on. Should I install a firewall on this computer and, if so, which one? If I do, do I disable the Microsoft firewall?

 

If you see anything else, please advise. Meanwhile, I'll work on the computer to see if I have any further problems. Thanks for your expert help!


 


It is the better choice in my opinion.

About a firewall, take a look here:

http://users.telenet.be/bluepatchy/miekiemoes/Links.html#Firewalls

The best in my opinion.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

ESET scan:

 

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\weDownloadMgr11.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen1.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen3.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\firefox@jumpflip.net.xpi    Win32/BrowseFox.B application    deleted - quarantined
C:\Documents and Settings\Elaine\Application Data\Sun\Java\Deployment\cache\6.0\34\1e7e54e2-3f92550c    Java/TrojanDownloader.Agent.AC trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Desktop\Setup.UnfriendFacebook.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\2b1dfadd-186850b9    a variant of Java/Exploit.CVE-2013-2423.DZ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\3db83733-7ef51c31    a variant of Java/JShrink.A application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Local Settings\Temp\is1590112554\1207074_stp\uninstaller.exe    Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\Local Settings\Temporary Internet Files\Content.IE5\7KR4CTYX\Setup[1].exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\My Documents\speedupmypc.exe    Win32/SpeedUpMyPC application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\My Documents\Downloads\cbsidlm-cbsi134-Media_Player_Codec_Pack-SEO-10749065.exe    a variant of Win32/CNETInstaller.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\My Documents\Downloads\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\My Documents\Downloads\disk-defrag-setup.exe    Win32/MyPCBackup.A application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\My Documents\Downloads\ReimageExpress.exe    Win32/Toolbar.Babylon.T application    cleaned by deleting - quarantined
C:\Documents and Settings\Elaine\My Documents\Downloads\ZipExtractorSetup.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Program Files\registrybooster(2).exe    a variant of Win32/RegistryBooster application    cleaned by deleting - quarantined
C:\Program Files\Jump Flip\updateJumpFlip.exe    a variant of Win32/BrowseFox.G application    cleaned by deleting - quarantined
C:\Program Files\SetupsOldComp\WebfettiSetup2.2.60.11-2.exe    a variant of Win32/Toolbar.MyWebSearch.O application    cleaned by deleting - quarantined
 


I ran Spybot again, and it came up with 8X Montera.Toolbar and 40X Toolbar.MySearchDial.

 

I then ran Malwarebytes again (full scan), and it came up with 18 threats (log below). Contrary to what the log says, I DID quarantine all threats.

 

The annoying "mysearch.avg.com" is still there when I open a new tab. What should I do next?

 

_________________________________________________________________________________________

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Elaine :: MANHATTAN [administrator]

12/28/2013 7:36:31 PM
mbam-log-2013-12-28 (19-36-31).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357988
Time elapsed: 49 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken.
HKCU\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken.
HKCU\SOFTWARE\MYSEARCHDIAL (PUP.Optional.MySearchDial.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken.
HKLM\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\mysearchdial|TM (PUP.Optional.MySearchDial.A) -> Data: 0131 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken.

Files Detected: 10
C:\Documents and Settings\Elaine\Local Settings\Temp\is1590112554\1206914_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079060.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079061.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079062.exe (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079063.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079066.dll (PUP.Optional.MySearchDial.A) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079076.exe (PUP.Optional.JumpFlip.A) -> No action taken.
C:\Program Files\Jump Flip\JumpFlip.ico (PUP.Optional.JumpFlip.A) -> No action taken.
C:\Program Files\Jump Flip\JumpFlipUninstall.exe (PUP.Optional.JumpFlip.A) -> No action taken.
C:\Program Files\Jump Flip\updateJumpFlip.InstallState (PUP.Optional.JumpFlip.A) -> No action taken.

(end)
 


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All Users option. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Here are the results from the OTC scan.

 

OTL logfile created on: 12/29/2013 4:07:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Elaine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 416.39 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 142.84 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
 
Computer Name: MANHATTAN | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/29 16:04:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe
PRC - [2013/12/04 09:41:48 | 000,082,432 | ---- | M] (Microsoft) -- C:\Program Files\MR APP\MRAPP.UI.exe
PRC - [2013/12/04 09:41:48 | 000,031,744 | ---- | M] (Digital Market Research Apps Pty Ltd) -- C:\Program Files\MR APP\MRAPP.Event.Service.exe
PRC - [2013/12/04 09:41:10 | 000,031,232 | ---- | M] (Digital Market Research Apps Pty Ltd) -- C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/09/04 21:09:20 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/09/02 09:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/06/26 20:51:50 | 000,230,576 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/04/02 16:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/05 14:48:06 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe
PRC - [2008/12/11 10:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/07/13 20:21:46 | 000,565,248 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 13:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/03 16:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/11/14 10:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2001/10/25 09:55:01 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2001/10/25 09:55:00 | 000,311,296 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe
PRC - [2001/10/25 09:54:58 | 000,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm09.exe
PRC - [2000/08/03 15:52:22 | 000,294,912 | ---- | M] (Calibre Inc.) -- C:\Program Files\Calibre Inc\xConnect\IrButler.exe
PRC - [2000/07/28 10:47:18 | 001,593,344 | ---- | M] (Calibre Inc.) -- C:\Program Files\Calibre Inc\xConnect\xConnect.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/11 02:18:09 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/11 02:17:12 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\1878788a385cb23b2a43f04c1e984da5\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013/10/11 02:08:07 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
MOD - [2013/10/11 02:06:53 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/11 02:06:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/11 02:06:50 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
MOD - [2013/10/11 02:02:28 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
MOD - [2013/10/11 02:02:21 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/11 02:02:14 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
MOD - [2013/10/11 02:02:09 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\7294cfff4c5922b56ee89a6879ae8eef\System.Data.ni.dll
MOD - [2013/10/11 02:02:04 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/11 02:02:04 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
MOD - [2013/10/11 02:01:59 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/08/14 05:08:45 | 000,626,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Messaging\aa1f40fa6634003f0d2637cea7e18131\System.Messaging.ni.dll
MOD - [2013/08/14 05:08:44 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/14 05:07:26 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 05:07:23 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/08/14 05:07:21 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/14 05:07:04 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/14 02:07:56 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 02:07:53 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/14 02:07:48 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 02:07:33 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/15 12:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/07/11 02:15:34 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002/07/04 08:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Jump Flip\updateJumpFlip.exe -- (Update Jump Flip)
SRV - [2013/12/22 17:55:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 08:35:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/04 09:41:48 | 000,031,744 | ---- | M] (Digital Market Research Apps Pty Ltd) [Auto | Running] -- C:\Program Files\MR APP\MRAPP.Event.Service.exe -- (EventService)
SRV - [2013/12/04 09:41:10 | 000,031,232 | ---- | M] (Digital Market Research Apps Pty Ltd) [Auto | Running] -- C:\Program Files\MR APP\MRAPP.Transfer.Service.exe -- (TransferService)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/02 09:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/10/02 15:40:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/15 13:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2001/10/25 09:54:58 | 000,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Elaine\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/26 19:23:54 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2008/10/12 16:48:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/08/18 14:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/07/13 20:10:44 | 000,101,120 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/02/11 09:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/02/11 09:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/01/15 13:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/14 22:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/14 22:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/14 22:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/10/25 09:54:58 | 000,050,704 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2001/10/25 09:54:58 | 000,050,179 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09)
DRV - [2001/10/25 09:54:58 | 000,018,864 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2001/10/25 09:54:58 | 000,015,984 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.elainehudsonphotography.com
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes,DefaultScope = {F913E42D-E0F1-489E-9E56-C4154E35CDD5}
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{F913E42D-E0F1-489E-9E56-C4154E35CDD5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb2509cd4-17cd-45ed-8146-a82af038f493%7D:2.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/26 18:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/26 18:49:51 | 000,000,000 | ---D | M]
 
[2008/10/27 20:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions
[2013/12/28 00:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions
[2010/08/24 10:45:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/18 17:57:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/29 11:44:17 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/12/13 11:03:26 | 000,038,752 | ---- | M] () (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}.xpi
[2010/09/05 12:41:41 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml
[2011/02/04 08:57:18 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\definr-dictionary-search.xml
[2008/12/27 10:27:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\delicious-tag.xml
[2011/11/15 10:54:25 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\dictionary.xml
[2011/11/15 10:54:41 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\googletranslate.xml
[2008/12/27 10:28:35 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\technorati.xml
[2011/11/15 10:55:21 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\thesaurus---referencecom.xml
[2011/02/04 08:57:54 | 000,001,238 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\thsrs.xml
[2013/12/20 08:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/20 08:35:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/20 08:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 08:35:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/20 08:35:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/12/25 12:29:22 | 000,450,800 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15476 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [shwiconXP6377] C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe (Alcor Micro Corp.)
O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [sFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE (Verizon Internet Solutions)
O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunServicesOnce: [xSendReg] C:\Program Files\Calibre Inc\PrintConnect\xSendReg.exe (Calibre Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.2 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\xConnect.lnk = C:\Program Files\Calibre Inc\xConnect\xConnect.exe (Calibre Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..Trusted Domains: kodakgallery.com ([www] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF34D27-48AA-4BDD-B5E8-C29E7A83F7A6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell - "" = AutoRun
O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/29 16:04:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe
[2013/12/27 23:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/27 23:10:41 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Elaine\Desktop\esetsmartinstaller_enu.exe
[2013/12/27 02:17:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/27 01:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\.android
[2013/12/27 01:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\cache
[2013/12/27 01:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\genienext
[2013/12/27 01:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B
[2013/12/27 01:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\DigitalSites
[2013/12/26 19:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB
[2013/12/26 19:24:01 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/12/26 19:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/26 19:00:43 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Elaine\Desktop\JRT.exe
[2013/12/26 16:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/12/25 13:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Elaine\Start Menu\Programs\Administrative Tools
[2013/12/25 13:03:48 | 000,688,992 | R--- | C] (Swearware) -- C:\Program Files\dds.com
[2013/12/23 17:06:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2013/12/20 08:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/19 22:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\MR APP
[2013/12/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/30 20:09:32 | 000,072,008 | ---- | C] (Azureus Software, Inc.) -- C:\Program Files\VuzeBittorrentClientInstaller.exe
[2013/07/04 16:39:59 | 000,280,136 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup Stub 22.0.exe
[2013/05/04 16:58:00 | 002,138,776 | ---- | C] (Solid State Networks) -- C:\Program Files\install_flashplayer11x32au_mssa_aih.exe
[2013/04/04 15:50:42 | 003,403,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955704-x86-ENU.exe
[2013/03/26 18:50:01 | 000,774,616 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthPluginSetup.exe
[2012/12/07 07:13:43 | 003,461,001 | ---- | C] (ArcSoft                                                     ) -- C:\Program Files\raw_thumbnail_viewer.exe
[2011/07/16 07:51:25 | 001,346,560 | ---- | C] (Matsushita Electric Industrial Co., Ltd.                     ) -- C:\Program Files\sdfv2003.exe
[2010/12/25 17:45:15 | 007,466,152 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_1100_en_Setup.exe
[2010/09/10 11:12:24 | 000,567,640 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe
[2010/09/04 10:57:04 | 007,493,632 | ---- | C] (Login Recovery) -- C:\Program Files\Login-Recovery.exe
[2010/04/04 19:29:17 | 000,835,712 | ---- | C] (WinRecovery Software                                        ) -- C:\Program Files\cardrecovery_setup.exe
[2009/08/12 17:43:47 | 000,913,832 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall.exe
[2009/03/31 22:04:49 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2008/10/12 16:38:25 | 000,126,976 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\asneu.dll
[2008/10/11 06:22:26 | 004,540,161 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\PS_41.exe
[2008/10/10 16:00:24 | 003,085,984 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/29 16:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/29 16:04:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CA4540B-AFD1-4736-94F5-0CD014FD7E13}.job
[2013/12/29 16:04:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe
[2013/12/29 15:55:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005UA.job
[2013/12/29 07:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/28 20:55:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005Core.job
[2013/12/28 19:29:01 | 000,187,174 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/12/28 17:54:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/28 17:53:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/28 17:53:04 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/27 23:10:52 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Elaine\Desktop\esetsmartinstaller_enu.exe
[2013/12/27 08:33:58 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\mbam.context.scan
[2013/12/26 19:31:03 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/26 19:24:05 | 000,003,747 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/12/26 19:23:54 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/12/26 19:16:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/26 19:00:43 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Elaine\Desktop\JRT.exe
[2013/12/25 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/25 14:22:46 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to dds.com.pif
[2013/12/25 13:32:51 | 000,891,200 | ---- | M] () -- C:\Program Files\SecurityCheck.exe
[2013/12/25 13:03:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Program Files\dds.com
[2013/12/25 12:29:22 | 000,450,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/23 17:06:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2013/12/14 07:33:29 | 000,450,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20131225-122922.backup
[2013/12/12 03:03:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/11 02:44:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/27 08:33:58 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\mbam.context.scan
[2013/12/26 19:23:56 | 000,003,747 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/12/25 14:22:46 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to dds.com.pif
[2013/12/25 13:32:51 | 000,891,200 | ---- | C] () -- C:\Program Files\SecurityCheck.exe
[2013/06/25 11:52:16 | 011,492,440 | ---- | C] () -- C:\Program Files\eri_setup_109037324566.exe
[2013/05/15 02:21:58 | 000,913,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2236806547-4188195164-2715391781-1005-0.dat
[2013/05/15 02:21:58 | 000,316,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/11 19:07:53 | 000,130,030 | ---- | C] () -- C:\Documents and Settings\Elaine\ASUS.Franz.2013.registration
[2013/03/06 13:47:20 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2013/02/18 20:33:11 | 000,202,764 | ---- | C] () -- C:\Program Files\tweets.zip
[2013/01/21 11:46:41 | 000,058,132 | ---- | C] () -- C:\Documents and Settings\Elaine\TD Ameritrade
[2013/01/17 21:56:50 | 000,168,306 | ---- | C] () -- C:\Documents and Settings\Elaine\KrisFlyerMembershipCard
[2012/12/05 13:18:05 | 006,104,576 | ---- | C] () -- C:\Program Files\MicrosoftCodecPack_x86.msi
[2012/04/01 10:50:25 | 000,143,350 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012.tif
[2012/04/01 10:46:31 | 000,141,814 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012
[2012/03/31 07:50:41 | 004,137,128 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012.tif
[2012/03/31 07:44:27 | 000,228,574 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012
[2012/03/24 19:38:36 | 1842,465,194 | ---- | C] () -- C:\Program Files\photoshopcs6_p1_win_032112.zip
[2012/03/12 16:58:27 | 001,606,064 | ---- | C] () -- C:\Program Files\googletalk-setup.exe
[2012/03/10 21:09:11 | 007,615,784 | ---- | C] () -- C:\Program Files\PenTablet_510-4.exe
[2012/02/16 14:25:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 15:03:15 | 001,793,028 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards.tif
[2012/01/19 15:02:50 | 000,166,800 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards
[2012/01/13 16:09:41 | 000,859,176 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13.tif
[2012/01/13 16:09:20 | 000,062,898 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13
[2011/12/29 09:02:21 | 000,570,340 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.29.tif
[2011/12/29 09:01:02 | 000,010,790 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.28
[2011/12/13 09:33:31 | 000,571,846 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info.tif
[2011/12/13 09:32:33 | 000,009,114 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info
[2011/05/31 11:40:50 | 002,940,886 | ---- | C] () -- C:\Documents and Settings\Elaine\K-YCoupon.tif
[2011/05/31 11:40:20 | 000,629,098 | ---- | C] () -- C:\Documents and Settings\Elaine\K-Y
[2010/12/21 16:29:44 | 000,630,232 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmerica.MC.payment.2010.12.21.tif
[2010/12/21 16:29:05 | 000,036,594 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmericaMCpayment.2010.12.21
[2010/12/19 16:37:22 | 000,769,332 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19.tif
[2010/12/19 16:37:05 | 000,058,852 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19
[2010/12/19 01:40:13 | 001,237,728 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19.tif
[2010/12/19 01:39:32 | 000,069,784 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19
[2010/12/01 12:48:31 | 001,364,522 | ---- | C] () -- C:\Program Files\wrar393.exe
[2010/10/19 19:57:22 | 000,630,612 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21.tif
[2010/10/19 19:56:55 | 000,037,190 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21
[2010/10/15 14:09:58 | 009,422,848 | ---- | C] () -- C:\Program Files\VzInHomeAgentInstaller.msi
[2010/10/15 13:58:59 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Elaine\GoToAssistDownloadHelper.exe
[2010/10/04 13:55:27 | 000,873,500 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.tif
[2010/10/04 13:55:02 | 000,019,242 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.04
[2010/09/28 13:58:57 | 001,885,928 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010.tif
[2010/09/28 13:57:05 | 000,062,352 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010
[2010/02/19 10:27:39 | 002,006,621 | ---- | C] () -- C:\Program Files\u9idat252zx.bin
[2010/02/19 10:27:23 | 000,113,488 | ---- | C] () -- C:\Program Files\u9ichjw4qt.bin
[2010/02/19 10:27:03 | 000,567,456 | ---- | C] () -- C:\Program Files\u9ifw57en.bin
[2010/02/19 10:26:28 | 002,489,378 | ---- | C] () -- C:\Program Files\x8all279kj.bin
[2010/02/19 09:55:58 | 064,213,381 | ---- | C] () -- C:\Program Files\w9all733vq.bin
[2010/02/19 09:26:53 | 056,173,018 | ---- | C] () -- C:\Program Files\u9iavi2697mh.bin
[2010/02/19 09:25:36 | 006,685,013 | ---- | C] () -- C:\Program Files\u7avi18567.bin
[2009/09/24 13:20:58 | 000,117,844 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLauren
[2009/09/24 13:19:13 | 000,321,663 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLaurenSkyMilesCard
[2008/11/04 05:23:52 | 000,181,426 | ---- | C] () -- C:\Program Files\hijackthis.zip
[2008/10/19 20:14:19 | 008,844,185 | ---- | C] () -- C:\Program Files\homesite3_dw.exe
[2008/10/18 23:54:37 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/12 16:40:49 | 319,815,680 | ---- | C] () -- C:\Program Files\Adobe Photoshop Lightroom 1.0 Aio.iso
[2000/10/26 00:55:56 | 000,000,388 | ---- | C] () -- C:\Program Files\file_id.diz
[2000/10/12 10:39:02 | 001,023,143 | ---- | C] () -- C:\Program Files\fo-ec4.exe
 
========== ZeroAccess Check ==========
 
[2008/04/25 16:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 03:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/28 09:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/08 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2012/01/27 14:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/12/26 19:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDB
[2010/10/24 06:30:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/12 16:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2013/09/08 15:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/01/27 14:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/12/19 22:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MR APP
[2008/10/10 17:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2013/07/04 16:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/05/06 02:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/07/05 19:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/12/29 06:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/01/27 04:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/02 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/12/27 01:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B
[2012/01/27 04:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG
[2012/01/27 04:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG2012
[2009/06/30 09:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/07/14 11:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.Spreadtweet2007.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1
[2013/09/08 13:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\CoreFTP
[2008/10/12 16:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DAEMON Tools Pro
[2013/12/27 02:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DigitalSites
[2008/11/01 22:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\install_5849_MHw0MXwwfHx8fHx8fHw_[1]
[2008/10/09 16:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Nikon
[2013/09/08 15:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\OpenOffice
[2008/10/11 04:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Opera
[2012/06/03 22:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Oracle
[2008/10/13 10:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Panasonic
[2013/09/08 16:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TeamViewer
[2012/01/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific
[2013/12/27 02:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Uniblue
[2013/09/08 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\WinPatrol
[2008/11/01 22:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\_5849_fHx8fDQ2Mnw0fHw_
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/07/30 17:47:28 | 000,316,061 | ---- | M] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG
[2011/07/30 17:47:27 | 000,316,061 | ---- | C] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
 

 

______________________________________________________________________________________

OTL Extras logfile created on: 12/29/2013 4:07:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Elaine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free
5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 416.39 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 142.84 Gb Free Space | 47.92% Space Free | Partition Type: NTFS
 
Computer Name: MANHATTAN | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\MR APP\MRAPP.UI.exe" = C:\Program Files\MR APP\MRAPP.UI.exe:LocalSubNet:Enabled:MR APP UI -- (Microsoft)
"C:\Program Files\MR APP\MRAPP.Transfer.Service.exe" = C:\Program Files\MR APP\MRAPP.Transfer.Service.exe:LocalSubNet:Enabled:MR APP Transfer Service -- (Digital Market Research Apps Pty Ltd)
"C:\Program Files\MR APP\MRAPP.Event.Service.exe" = C:\Program Files\MR APP\MRAPP.Event.Service.exe:LocalSubNet:Enabled:MR APP Event Service -- (Digital Market Research Apps Pty Ltd)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41F71B19-4F04-49A9-99BE-7348AA1EA665}" = ArcSoft Software Suite
"{45A82D1E-105D-4F49-9C2F-0DAF8118DC0C}" = Dynex mini card reader
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE
"{5F07A881-4A7F-4F16-AF9E-F2202B504A91}" = PHOTOfunSTUDIO 8.3 PE
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97657495-9cfa-43ed-852e-98891c53c055}" =
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{CAEF3BE9-F5CF-4355-BBC3-90134AD070F8}" = RAW Thumbnail Viewer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Photoshop Lightroom
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09FAEB4-4343-06E9-5D8F-BF19CB999821}" = Seesmic Desktop
"{DA65FD93-EA6D-4E14-BA49-2BF7523BD3C9}" = e-Rewards Notify
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F12E6A25-2F3A-4FEA-8E22-A89BD47574B2}" = PHOTOfunSTUDIO 6.2 HD Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1" = Seesmic Desktop
"Core FTP LE 2.1" = Core FTP LE 2.1
"Dell Video Chat" = Dell Video Chat (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"ExtractNow_is1" = ExtractNow
"Eye Candy 4000" = Eye Candy 4000
"G-Force" = G-Force
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{45A82D1E-105D-4F49-9C2F-0DAF8118DC0C}" = Dynex mini card reader
"InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
"InstallShield_{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"MagicDisc 2.7.101" = MagicDisc 2.7.101
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.00.1156" = Opera 11.00
"Pen Tablet Driver" = Pen Tablet
"PrintConnect UNinstall" = PrintConnect
"SearchAssist" = SearchAssist
"TeamViewer 8" = TeamViewer 8
"weDownload Manager" = weDownload Manager
"WhiteCap" = WhiteCap
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xConnect UNinstall" = xConnect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/8/2013 4:11:36 PM | Computer Name = MANHATTAN | Source = Microsoft Security Client | ID = 5000
Description =
 
Error - 9/8/2013 4:15:39 PM | Computer Name = MANHATTAN | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 9/8/2013 5:23:01 PM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000
Description = Faulting application TeamViewer.exe, version 8.0.20768.0, faulting
 module unknown, version 0.0.0.0, fault address 0x05db7f78.
 
Error - 10/7/2013 6:19:46 PM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting
 module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988.
 
Error - 10/11/2013 3:30:46 AM | Computer Name = MANHATTAN | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 10/12/2013 12:14:43 PM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting
 module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988.
 
Error - 12/9/2013 1:57:35 AM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting
 module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988.
 
Error - 12/13/2013 4:32:52 AM | Computer Name = MANHATTAN | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 12/22/2013 5:24:36 AM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 26.0.0.5087, faulting
 module mozalloc.dll, version 26.0.0.5087, fault address 0x0000119c.
 
Error - 12/22/2013 4:53:20 PM | Computer Name = MANHATTAN | Source = Microsoft Security Client | ID = 5000
Description =
 
[ System Events ]
Error - 11/21/2013 4:38:38 AM | Computer Name = MANHATTAN | Source = Microsoft Antimalware | ID = 2001
Description =
 
Error - 11/30/2013 7:43:23 PM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
 the  Network Card with network address 001EC95C2DEE.
 
Error - 12/8/2013 3:37:44 AM | Computer Name = MANHATTAN | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
 private key.  The error code returned from the cryptographic module is 0x80090016.
 
Error - 12/11/2013 1:57:43 PM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
 address 001EC95C2DEE has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 12/25/2013 3:32:29 PM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
 address 001EC95C2DEE has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 12/27/2013 3:21:45 AM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7034
Description = The Pml Driver service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 12/27/2013 3:25:05 AM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.2.0 service failed to start due to the following
 error:   %%2
 
Error - 12/27/2013 3:58:17 AM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.2.0 service failed to start due to the following
 error:   %%2
 
Error - 12/27/2013 11:12:30 AM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
 address 001EC95C2DEE has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 12/28/2013 6:54:08 PM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.2.0 service failed to start due to the following
 error:   %%2
 
 
< End of report >
 


Step 1

Please download and run this tool:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe

Follow the instructions.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    [2010/09/05 12:41:41 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

I goofed. I ran the OTL fix before I ran the avg-remover. OTL fix log is below. What would you suggest I do to correct my mistake?

(I haven't yet run avg-remover.)

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
File C:\Program Files\AVG\AVG2012\Firefox4 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Elaine\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Elaine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41365 bytes
 
User: Elaine
->Temp folder emptied: 59610683 bytes
->Temporary Internet Files folder emptied: 21612614 bytes
->Java cache emptied: 6202752 bytes
->FireFox cache emptied: 360262948 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4651 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13165158 bytes
 
User: NetworkService
->Temp folder emptied: 522790 bytes
->Temporary Internet Files folder emptied: 79535828 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3131244 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 592590046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 27553 bytes
 
Total Files Cleaned = 1,088.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12292013_164155

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


I decided to run the avg-remover, and then run a new OTL scan (log from this new scan below).

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
File C:\Program Files\AVG\AVG2012\Firefox4 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Elaine\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Elaine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Elaine
->Temp folder emptied: 46645 bytes
->Temporary Internet Files folder emptied: 5943641 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96208661 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1575 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 97.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12292013_181342
 


I still have the AVG search. The AVG-remover said it might take several reboots to complete the removal, and I've restarted my computer 5 times. One problem might be that 2-3 years ago I was using AVG's program for virus monitoring, and I have a lot of AVG files still in my computer. I stopped using AVG because I had some problem (can't remember what). I tried to attach the log for the AVG-remover search, but it was too long to post, so I did an attachment. I don't know if it will be of any help.

AVG-remover log.doc


I ran spybot again, and no threats found. I ran Malwarebytes again and rebooted. Malwarebytes found 10 threats which I quarantined. Log for Malwarebytes below. (I updated Malwarebytes to v2013.12.30 AFTER I ran the scan.)

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Elaine :: MANHATTAN [administrator]

12/30/2013 6:45:31 AM
mbam-log-2013-12-30 (06-45-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341474
Time elapsed: 51 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MYSEARCHDIAL (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\mysearchdial|TM (PUP.Optional.MySearchDial.A) -> Data: 0131 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079060.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079061.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079062.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079063.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079066.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079076.exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.

(end)
 


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *avg*
    :folderfind
    *avg*
    :regfind
    avg
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 2 months later...

I tried to use SystemLook, and when I hit "LOOK" I get an error message "script required". I updated my Java, restarted my computer, and can play music and videos, so I'm not sure what's wrong. I downloaded SystemLook a second time, and the same error message appeared.


Am I missing something? I looked at the screenshot, and typed the same info into my SystemLook window.

 

Here's what I got when I clicked "Look" this time.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:40 on 30/03/2014 by Elaine
Administrator - Elevation successful

No Context: paste my script right here and click "Look" button

-= EOF =-
