Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 30

Thread: PC Loading slowly...

  1. #11
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default

    I cannot remove the AVG Safeguard Toolbar. I even tried unistalling the AVG free Anti Virus program but to no avail.

  2. #12
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    Go here and follow the directions for your appropriate browser to uninstall AVG Safeguard Toolbar. Then continue with the remainder of the steps.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #13
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default RE: PC Loading slowly...

    Okay. Removed the tool bar. reinstalled the free anti virus without it. (Trial version, expires in one month!)
    Played a round on the site, still lagging a bit, not as much as beforethough. I notice that browser is loading quickly. other pages too!
    I think this box is too 'limited' when it comes to playing games. Going to try the RAM sites you told me about and see what they say.
    Heres the OTL log:

    OTL logfile created on: 9/24/2013 1:24:43 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.48 Mb Total Physical Memory | 194.32 Mb Available Physical Memory | 27.66% Memory free
    1.30 Gb Paging File | 0.82 Gb Available in Paging File | 63.08% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 140.47 Gb Total Space | 71.18 Gb Free Space | 50.67% Space Free | Partition Type: NTFS
    Drive E: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.77% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\WINDOWS\arservice.exe (Microsoft)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (iClarityQoSService) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
    DRV - (DCamUSBVeo532) -- System32\Drivers\ubVeo532.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\catchme.sys File not found
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
    DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\sandra.sys (SiSoftware)
    DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
    DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
    DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 BF 68 E7 C9 C6 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{47130832-F17F-4B95-A626-D153584228DC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
    FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
    FF - prefs.js..extensions.enabledAddons: zigboom.designs%40gmail.com:2.0.8
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/31 17:40:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/17 23:02:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/17 23:02:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/28 22:51:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

    [2009/07/30 20:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
    [2013/09/16 14:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions
    [2013/07/16 23:09:14 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
    [2013/08/15 00:26:06 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\btpersonas@brandthunder.com
    [2013/02/04 23:41:04 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\info@djzig.com
    [2013/06/21 22:08:24 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\LogMeInClient@logmein.com
    [2013/02/05 10:16:39 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\zigboom.designs@gmail.com
    [2011/11/26 02:07:22 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\searchplugins\bing-zugo.xml
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/09/17 23:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/09/17 23:03:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/11/12 17:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

    ========== Chrome ==========


    O1 HOSTS File: ([2011/07/18 23:38:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Driver Genius] File not found
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/tes...enXInstall.cab (TTestGenXInstallObject)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players...stallAsst2.cab (Pearson Installation Assistant 2)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2012/02/10 23:42:56 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
    O34 - HKLM BootExecute: ('autocheck autochk *')
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/24 01:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2014
    [2013/09/24 01:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/09/24 01:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2013/09/24 01:19:16 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/09/24 01:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\MFAData
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2014
    [2013/09/24 01:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/09/24 01:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Apple Computer
    [2013/09/23 01:54:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/23 01:39:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Recent
    [2013/09/17 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/09/15 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
    [2013/09/15 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/09/15 17:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\AppData
    [2013/08/31 00:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Shop'NCook Pro
    [2013/08/31 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Shop'NCook Pro
    [2013/08/25 11:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/24 01:32:00 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
    [2013/09/24 01:21:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250449246-3165194149-3948157566-1016Core1ce7ec755383511.job
    [2013/09/24 01:20:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/24 01:08:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/24 01:08:40 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/24 01:08:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/24 01:08:40 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/24 01:08:32 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
    [2013/09/24 01:08:32 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/24 01:08:32 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/24 01:08:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/24 01:08:19 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/24 00:38:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/09/23 23:10:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/23 20:40:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/09/23 14:00:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/09/23 10:33:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/09/23 10:24:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
    [2013/09/23 10:10:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/09/21 08:45:47 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/21 01:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/19 23:38:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/09/19 23:38:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/09/18 17:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/09/17 10:00:20 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/15 17:21:56 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2013/09/11 03:37:48 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/09/08 07:01:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/06 00:55:18 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_Dad.job
    [2013/09/03 11:41:48 | 016,436,183 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
    [2013/08/30 11:23:58 | 076,249,771 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
    [2013/08/30 08:44:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/15 17:21:57 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2013/09/15 17:21:56 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2013/09/03 11:39:40 | 016,436,183 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
    [2013/08/30 11:23:26 | 076,249,771 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
    [2013/04/15 10:29:49 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave_back.xml
    [2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave.xml
    [2013/03/02 13:12:44 | 000,001,247 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.Setting.ini
    [2012/02/16 00:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/01 23:52:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/02/01 23:47:11 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/02/01 23:37:28 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
    [2012/02/01 23:03:13 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2011/12/06 01:29:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\.backup.dm
    [2011/09/05 10:04:16 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\webct_upload_applet.properties
    [2011/07/02 15:37:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
    [2011/07/02 15:37:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
    [2011/07/02 15:37:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
    [2010/11/04 16:31:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
    [2008/05/19 01:09:41 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/04/12 19:27:21 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2008/04/12 19:27:20 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mdb
    [2008/02/12 00:19:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

    ========== ZeroAccess Check ==========

    [2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/04 01:12:56 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

    < End of report >

  4. #14
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Re- run AdwCleaner

    It should be on your desktop
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    In your next post please provide the following:
    • check-up.txt
    • JRT.txt
    • AdwCleaner[S1].txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #15
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default

    Security Check Log:

    Results of screen317's Security Check version 0.99.73
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus 2014
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    SpywareBlaster 4.1
    Spybot - Search & Destroy
    HijackThis 2.0.2
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.8.800.168
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Mozilla Firefox (24.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 0%
    ````````````````````End of Log``````````````````````

    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.2 (09.22.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Dad on Tue 09/24/2013 at 23:08:39.35
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
    Successfully deleted: [File] C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\mozilla\firefox\profiles\37fti8ke.default\searchplugins\bing-zugo.xml
    Emptied folder: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\mozilla\firefox\profiles\37fti8ke.default\minidumps [2 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 09/24/2013 at 23:13:52.06
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner Log:

    # AdwCleaner v3.005 - Report created 24/09/2013 at 23:24:27
    # Updated 22/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Dad - YOUR-4DACD0EA75
    # Running from : C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\Uninstall.exe

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Product Deleted : Ask Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\DAD.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [34696 octets] - [23/09/2013 01:55:19]
    AdwCleaner[R1].txt - [1352 octets] - [24/09/2013 23:19:27]
    AdwCleaner[R2].txt - [1412 octets] - [24/09/2013 23:23:01]
    AdwCleaner[S0].txt - [35241 octets] - [23/09/2013 01:57:57]
    AdwCleaner[S1].txt - [1339 octets] - [24/09/2013 23:24:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1399 octets] ##########

  6. #16
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    Malwarebytes' Anti-Malware

    Locate Malwarebytes' Anti-Malware (it should be on your desktop).
    If not, download it here
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================


    ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • MBAM log
    • ESET's log.txt
    • How's the computer running, any symptoms?

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #17
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default RE: PC Loading slowly...

    MBAM Log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.25.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Dad :: YOUR-4DACD0EA75 [administrator]

    9/25/2013 1:51:18 AM
    mbam-log-2013-09-25 (01-51-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 358675
    Time elapsed: 11 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\MOM\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

    Files Detected: 4
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\AVG-Anti-Virus-Free-Edition-2013.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MOM\My Documents\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MOM\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

    (end)

    ESET Txt:

    C:\AdwCleaner\Backup\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs_23_09_2013_01_58_20.js JS/SecurityDisabler.A.Gen application
    C:\AdwCleaner\Backup\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs_24_09_2013_23_24_34.js JS/SecurityDisabler.A.Gen application
    C:\AdwCleaner\Quarantine\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\user.js.vir JS/SecurityDisabler.A.Gen application
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs.js JS/SecurityDisabler.A.Gen application
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\temp\ICReinstall_Chrome_Setup.exe a variant of Win32/InstallCore.CX application
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\oJ06511LbGgJ06511\oJ06511LbGgJ06511.exe.vir a variant of Win32/Kryptik.OIE trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Sayp\imob.exe.vir a variant of Win32/Kryptik.PCQ trojan
    C:\RECYCLER\S-1-5-21-2250449246-3165194149-3948157566-1016\Dc20.exe a variant of Win32/InstallCore.CX application
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP774\A0100265.exe Win32/Toolbar.Babylon application
    E:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application
    E:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application


    Apps are loading as if it were a brand new install! Even the WGT page is lagless! But my wife logged on to her profile this morning and I noticed that her pages are still loading slowly. Do I have to do this for every Profile on the PC. I have been doing it for my profile only.

  8. #18
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi speedinc,

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Files
      C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs.js JS/SecurityDisabler.A.Gen
      C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\temp\ICReinstall_Chrome_Setup.exe
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    =========================

    But my wife logged on to her profile this morning and I noticed that her pages are still loading slowly. Do I have to do this for every Profile on the PC.
    No you shouldn't have to. Just for reference, after you run the above step log off your profile > reboot > then log onto your wife's profile and run a scan with OTL.

    In your next post please provide the following:
    • OTL.txt (your profile)
    • OTL.txt (wife's profile)
    • Extras.txt (if generated from wife's profile)
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #19
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default RE: PC Loadinc slowly...

    I have four profiles/desktops on this PC. Heres the OTL log for My profile:

    OTL logfile created on: 9/26/2013 9:20:46 AM - Run 7
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.48 Mb Total Physical Memory | 143.59 Mb Available Physical Memory | 20.44% Memory free
    1.30 Gb Paging File | 0.72 Gb Available in Paging File | 55.24% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 140.47 Gb Total Space | 70.91 Gb Free Space | 50.48% Space Free | Partition Type: NTFS
    Drive E: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.77% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\WINDOWS\arservice.exe (Microsoft)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()


    ========== Services (SafeList) ==========

    SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (iClarityQoSService) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
    DRV - (DCamUSBVeo532) -- System32\Drivers\ubVeo532.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\catchme.sys File not found
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
    DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\sandra.sys (SiSoftware)
    DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
    DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
    DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 BF 68 E7 C9 C6 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{47130832-F17F-4B95-A626-D153584228DC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
    FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
    FF - prefs.js..extensions.enabledAddons: zigboom.designs%40gmail.com:2.0.8
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/31 17:40:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/17 23:02:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/17 23:02:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2013/09/25 08:19:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

    [2013/09/25 08:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
    [2013/09/25 08:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
    [2013/09/16 14:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions
    [2013/07/16 23:09:14 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
    [2013/08/15 00:26:06 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\btpersonas@brandthunder.com
    [2013/02/04 23:41:04 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\info@djzig.com
    [2013/06/21 22:08:24 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\LogMeInClient@logmein.com
    [2013/02/05 10:16:39 | 000,000,000 | ---D | M] (BlackFox V2-Blue) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\extensions\zigboom.designs@gmail.com
    [2013/09/25 08:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Sunbird\Profiles\e386yrrx.default\extensions
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/09/17 23:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/09/17 23:03:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/11/12 17:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

    ========== Chrome ==========


    O1 HOSTS File: ([2011/07/18 23:38:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/tes...enXInstall.cab (TTestGenXInstallObject)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players...stallAsst2.cab (Pearson Installation Assistant 2)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2012/02/10 23:42:56 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/26 09:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe
    [2013/09/26 08:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/09/25 02:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/09/24 23:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/09/24 10:29:02 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2013/09/24 10:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\IObit
    [2013/09/24 01:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2014
    [2013/09/24 01:19:16 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/09/24 01:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\MFAData
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2014
    [2013/09/24 01:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/09/24 01:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Apple Computer
    [2013/09/23 01:54:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/23 01:39:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Recent
    [2013/09/17 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/09/15 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
    [2013/09/15 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/09/15 17:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\AppData
    [2013/08/31 00:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Shop'NCook Pro
    [2013/08/31 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Shop'NCook Pro
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/26 09:22:00 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
    [2013/09/26 09:20:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/26 09:03:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/26 09:03:09 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
    [2013/09/26 09:03:09 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
    [2013/09/26 09:03:09 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/26 09:03:09 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/26 09:03:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/26 09:03:09 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/26 09:03:09 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/26 08:59:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/26 08:59:52 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/26 08:38:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/09/26 01:21:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250449246-3165194149-3948157566-1016Core1ce7ec755383511.job
    [2013/09/25 10:33:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/09/25 10:10:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/09/24 20:40:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/09/24 14:00:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/09/24 10:00:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/23 23:10:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/23 10:24:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
    [2013/09/21 08:45:47 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/21 01:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/19 23:38:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/09/19 23:38:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/09/18 17:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/09/15 17:21:56 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2013/09/11 03:37:48 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
    [2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2013/09/08 07:01:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/06 00:55:18 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_Dad.job
    [2013/09/03 11:41:48 | 016,436,183 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
    [2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
    [2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
    [2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
    [2013/08/30 11:23:58 | 076,249,771 | ---- | M] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
    [2013/08/30 08:44:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/24 10:28:59 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
    [2013/09/15 17:21:57 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2013/09/15 17:21:56 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
    [2013/09/03 11:39:40 | 016,436,183 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\DJ Migs - Sunday Night (Mushroom Jazz 2).flv
    [2013/08/30 11:23:26 | 076,249,771 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Golf Joke_ The Cast Away.mp4
    [2013/04/15 10:29:49 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave_back.xml
    [2013/03/02 18:00:05 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.DLMSave.xml
    [2013/03/02 13:12:44 | 000,001,247 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\.Setting.ini
    [2012/02/16 00:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/01 23:52:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/02/01 23:47:11 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/02/01 23:37:28 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
    [2012/02/01 23:03:13 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2011/12/06 01:29:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\.backup.dm
    [2011/09/05 10:04:16 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\webct_upload_applet.properties
    [2011/07/02 15:37:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
    [2011/07/02 15:37:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
    [2011/07/02 15:37:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
    [2010/11/04 16:31:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\prvlcl.dat
    [2008/05/19 01:09:41 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/04/12 19:27:21 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2008/04/12 19:27:20 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mdb
    [2008/02/12 00:19:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

    ========== ZeroAccess Check ==========

    [2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/04 01:12:56 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

    < End of report >

  10. #20
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Default

    This one is my Wife's desktop:

    OTL logfile created on: 9/26/2013 1:29:10 AM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    702.48 Mb Total Physical Memory | 218.21 Mb Available Physical Memory | 31.06% Memory free
    1.30 Gb Paging File | 0.85 Gb Available in Paging File | 65.05% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 140.47 Gb Total Space | 71.02 Gb Free Space | 50.56% Space Free | Partition Type: NTFS
    Drive E: | 8.56 Gb Total Space | 0.58 Gb Free Space | 6.77% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4DACD0EA75 | User Name: MOM | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\WINDOWS\arservice.exe (Microsoft)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (iClarityQoSService) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe (AVAYA Communication)
    SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe (SiSoftware)
    SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
    DRV - (DCamUSBVeo532) -- System32\Drivers\ubVeo532.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\catchme.sys File not found
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
    DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\sandra.sys (SiSoftware)
    DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
    DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCcfltr.sys (Logitech, Inc.)
    DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=0848e7d70000000000000018f341744e
    IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=AB2C226001CA6C450013453A&install_time=23-11-2009:08:03&src_id=11152&camp_id=782&tb_version=2.5.6.471
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{997E830F-B711-4BBB-BE50-C5BC9B3FE989}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&.done=http%3a%2f%2fus.mg205.mail.yahoo.com%2fdc%2flaunch%3f.gx%3d1%26.rand%3d536975807"
    FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1024
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B4b577fa0-502b-413e-93ef-79ac6da52bf5%7D&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&ds=AVG&v=13.2.0.1&lang=en&pr=fr&d=2012-10-11%2009%3A43%3A12&sap=ku&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/31 17:40:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/17 23:02:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/17 23:02:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2013/09/25 08:19:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

    [2010/11/13 10:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOM\Application Data\Mozilla\Extensions
    [2010/11/13 10:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOM\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
    [2013/07/17 08:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOM\Application Data\Mozilla\Firefox\Profiles\5wxof918.default\extensions
    [2012/03/05 23:10:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\MOM\Application Data\Mozilla\Firefox\Profiles\5wxof918.default\extensions\ffxtlbr@babylon.com
    [2013/07/17 08:00:34 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\MOM\Application Data\Mozilla\Firefox\Profiles\5wxof918.default\extensions\LogMeInClient@logmein.com
    [2010/11/13 10:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MOM\Application Data\Mozilla\Sunbird\Profiles\60wvvlsk.default\extensions
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/09/17 23:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/09/17 23:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/09/17 23:03:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/11/12 17:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

    O1 HOSTS File: ([2011/07/18 23:38:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\MF.exe" /opentotray File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/tes...enXInstall.cab (TTestGenXInstallObject)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players...stallAsst2.cab (Pearson Installation Assistant 2)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19BBB996-5117-464D-A89F-CD2424DA7BD0}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E053139-5D2F-4791-9D3C-EB9FABA46996}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2012/02/10 23:42:56 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
    O33 - MountPoints2\{3b84fb0d-04c3-11dd-90a4-0018f341744e}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b84fb0d-04c3-11dd-90a4-0018f341744e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3b84fb0d-04c3-11dd-90a4-0018f341744e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O33 - MountPoints2\{3b84fb0e-04c3-11dd-90a4-0018f341744e}\Shell\AutoRun\command - "" = H:\setupSNK.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/25 06:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Local Settings\Application Data\Mozilla
    [2013/09/25 06:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\AVG2014
    [2013/09/25 06:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Local Settings\Application Data\Avg2014
    [2013/09/25 06:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft
    [2013/09/25 02:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/09/24 23:08:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/09/24 10:29:02 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2013/09/24 01:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/09/24 01:19:16 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/09/24 01:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
    [2013/09/24 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/09/24 01:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/09/23 01:54:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/17 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/09/15 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
    [2013/09/15 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2013/08/31 00:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\My Documents\Shop'NCook Pro
    [2013/08/31 00:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\Shop'NCook Pro
    [2013/08/31 00:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Shop'NCook Pro
    [2013/08/31 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Shop'NCook Pro
    [2008/09/06 22:36:30 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MOM\MSSSerif120.fon
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/26 01:32:00 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
    [2013/09/26 01:28:23 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\MOM\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
    [2013/09/26 01:28:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/26 01:28:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/26 01:28:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/26 01:28:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/26 01:27:59 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
    [2013/09/26 01:27:59 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
    [2013/09/26 01:27:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/26 01:27:59 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/26 01:21:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2250449246-3165194149-3948157566-1016Core1ce7ec755383511.job
    [2013/09/26 01:20:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/26 00:38:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/09/26 00:34:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/26 00:34:42 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/25 10:33:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/09/25 10:10:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/09/24 20:40:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/09/24 14:00:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/09/24 10:00:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    [2013/09/23 23:10:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    [2013/09/21 08:45:47 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    [2013/09/21 01:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    [2013/09/19 23:38:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/09/19 23:38:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/09/18 17:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/09/11 03:37:48 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/09/08 07:01:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    [2013/09/06 00:55:18 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_Dad.job
    [2013/08/31 00:31:08 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Shop'NCook Pro.lnk
    [2013/08/30 08:44:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [5 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/24 10:28:59 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
    [2013/09/15 17:21:57 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2013/08/31 00:31:08 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Shop'NCook Pro.lnk
    [2013/04/15 10:29:49 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2012/02/16 00:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/01 23:52:04 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/01 23:52:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/02/01 23:47:11 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/02/01 23:37:28 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
    [2012/02/01 23:03:13 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
    [2011/08/25 23:20:47 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\MOM\webct_upload_applet.properties
    [2011/07/02 15:37:57 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
    [2011/07/02 15:37:56 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
    [2011/07/02 15:37:32 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
    [2008/05/19 01:09:41 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/04/12 19:27:21 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
    [2008/04/12 19:27:20 | 007,028,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mdb
    [2008/02/12 00:19:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

    ========== ZeroAccess Check ==========

    [2005/08/30 22:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/04 01:12:56 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

    < End of report >

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •