TechSpot

[Inactive] Hit by the System Check virus

Discussion in 'Virus and Malware Removal' started by funkymonky, Jan 22, 2012.

Thread Status:
Not open for further replies.
  1. funkymonky Newcomer, in training

    Extras.txt log

    OTL Extras logfile created on: 1/25/2012 10:51:44 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ngan\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.62% Memory free
    4.22 Gb Paging File | 3.20 Gb Available in Paging File | 75.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 53.20 Gb Free Space | 48.22% Space Free | Partition Type: NTFS

    Computer Name: HELEN-PC | User Name: ngan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{398B1DC2-C042-46AC-8A67-1B4574303AF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{A56279F2-3031-4267-86D2-B56D52EC7177}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FC1BB86-E0AD-465C-B45D-35E0F8E4A868}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
    "{14AE7395-C9F0-4304-9FE2-7579F17B4E95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{174C72AC-9C9F-4CC1-86CB-706D845C6DF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1C0902E2-17EF-4102-BF7F-0B7281335E37}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{258DB9D0-7835-4746-A6DF-03B972EE5508}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2B4832A2-0434-4F97-B5E8-3DCBD50325D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{371DC240-8433-44C9-B014-F0531C2307A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{3DC0C587-9DA3-451C-9F87-1EE97AADEA20}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{401F93C5-F93E-41DD-A834-844CF0EFA04C}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{43E81AC1-3EF9-477E-AA87-91CB7E128D20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4AD7ED50-5937-4C2C-9F9C-2C38C74D2446}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbkpswx.exe |
    "{5A59C134-059D-4683-888B-DE478966B7D5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{6842464A-6399-4481-B2FE-E147B672E6CD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlbkpswx.exe |
    "{69FA89BF-8671-4258-9073-FEBB0AB579BA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{6AF5BE6B-1DDB-4EC0-AA32-5831B7BD2BF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{6ED71597-596A-41A4-B5CB-FA0148D61D57}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
    "{7E175359-5DD2-4F54-B412-8FF3E6ABA42C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{83B5BEC5-C059-4FA5-84FE-D3D7FA71DFFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9DA175B7-BBDA-426A-8255-98FE64DF5D73}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B1D88B60-F8DD-4414-B3F7-CF3475DC148D}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
    "{B5285455-5AE9-4CF4-A5BF-38EACF168374}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{B83C56B7-380F-4D78-948D-FB2FE23BCB34}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{BA82EA2F-9EAD-4287-84C2-52B74346241E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{C2661AF4-7818-4BD6-85B3-0E05A9972D82}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
    "{D0347EA0-C320-448D-8733-08069253B32D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{DB58E51C-310D-4AE6-B8BB-3D7291EA0312}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
    "{E70A27E7-3096-4C97-8B6F-8F09143622CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{F98A348A-8855-4B8D-B11C-3E249C21C51A}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{FD4A682D-0163-40A6-A964-A6BF3048D706}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "TCP Query User{0EF4B91D-0F5F-46F5-9D94-76C3E1DC696E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{33CB5FB4-802C-4D28-8685-F5C60DC503C4}C:\users\ngan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ngan\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{3E502BCF-A0C3-4DCE-9193-0B17EFAEDF2A}E:\techwizard.exe" = protocol=6 | dir=in | app=e:\techwizard.exe |
    "TCP Query User{76DAF091-BEEB-410D-9E02-A19F06D39698}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{C31ED26C-F95D-4E26-BBF8-1EADFB85D9BF}C:\program files\freetorrentdownloader\freetorrentdownloader.exe" = protocol=6 | dir=in | app=c:\program files\freetorrentdownloader\freetorrentdownloader.exe |
    "UDP Query User{1093D98D-54D2-4693-9120-B544F7C115A9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{209302F2-CD3C-4BB2-B43E-ECCCE2415E2D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{AB8E1920-4504-4D8B-85CA-645241823A9E}E:\techwizard.exe" = protocol=17 | dir=in | app=e:\techwizard.exe |
    "UDP Query User{C8E2014F-D49E-439C-86A1-A9CF9EFB8200}C:\users\ngan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ngan\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{DA279425-05F5-4B48-A17C-BC4180AA04E7}C:\program files\freetorrentdownloader\freetorrentdownloader.exe" = protocol=17 | dir=in | app=c:\program files\freetorrentdownloader\freetorrentdownloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}" = Vz In Home Agent
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "bflixtoolbar" = BFlix Toolbar
    "Canon iP1700 User Registration" = Canon iP1700 User Registration
    "CanonMyPrinter" = Canon My Printer
    "Dell AIO Printer A920" = Dell AIO Printer A920
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder4.1" = Freecorder
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Verizon FiOS Activation_is1" = Verizon FiOS Activation
    "Verizon Help and Support" = Verizon Help and Support Tool
    "WildTangent toshiba Master Uninstall" = TOSHIBA Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Xvid_is1" = Xvid 1.2.1 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Spotify" = Spotify

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32931390

    Error - 9/18/2010 6:02:33 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32931390

    Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32932388

    Error - 9/18/2010 6:02:34 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32932388

    Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 32933418

    Error - 9/18/2010 6:02:35 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 32933418

    Error - 9/18/2010 6:02:36 AM | Computer Name = Helen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Media Center Events ]
    Error - 11/15/2008 4:08:43 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/30/2009 2:39:57 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/30/2009 12:06:47 AM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/20/2009 11:17:57 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 1/25/2012 5:01:10 AM | Computer Name = Helen-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/25/2012 5:43:25 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 1/25/2012 5:44:29 PM | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/25/2012 5:53:07 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.

    Error - 1/25/2012 9:55:31 PM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.

    Error - 1/26/2012 2:53:50 AM | Computer Name = Helen-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.119.373.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error
    code: 0x80096001 Error description: A system-level error occurred while verifying
    trust.


    < End of report >
  2. Bobbye Helper on the Fringe

    Okay, I have a script set up to run in OTL, but there are errors indicating there might be an activation problem. Let's check that out first, as there are an exceptional number of entries to remove:

    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
  3. funkymonky Newcomer, in training

    The Resolve Button did not show up, so this is just the MGA Diagnostics. I took out the Product Key and Product ID:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012

    Windows Product Key Hash: R8gPTEFMoOygFewoq/uOoWMpz68=

    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {589CE5F3-BCE1-45A9-BA30-D330CDF1CC28}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.111025-0338
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Allowed
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{589CE5F3-BCE1-45A9-BA30-D330CDF1CC28}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJ34F</PKey><PID>89578-OEM-7332157-00237</PID><PIDType>2</PIDType><SID>S-1-5-21-2397746768-2885083860-4240868168</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A205</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V2.20</Version><SMBIOSVersion major="2" minor="4"/><Date>20080310000000.000000+000</Date></BIOS><HWID>A6323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>B90A82CB9436500</Val><Hash>QkyZNrhgPP7BeMX/VkVt7x/e8Zg=</Hash><Pid>73931-640-1545006-57628</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_SLP channel
    Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89578-00146-321-500237-02-1033-6001.0000-2022008
    Installation ID: 021031851315911800272176831322876354573851108312068914
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: RJ34F
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: OAAAAAEABAABAAIAAQABAAAAAwABAAEAJJQcldS/cscoSwYMRoOuZdYA4N/y9OZJBPO20KxWsg0=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name   OEMID Value   OEMTableID Value
    APIC              INTEL         CRESTLNE
    FACP              TOSCPL        CRESTLNE
    HPET              INTEL         CRESTLNE
    BOOT              PTLTD         $SBFTBL$
    MCFG              INTEL         CRESTLNE
    TCPA              Intel         CRESTLNE
    TMOR              PTLTD
    SLIC              TOSCPL        TOSCPL00
    OSFR              TOSHIB        A+2nd ID
    APIC              INTEL         CRESTLNE
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
    SSDT              SataRe        SataAhci
  4. Bobbye Helper on the Fringe

    Lots to copy here- be sure you get it all:
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      [2008/08/03 18:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Extensions
      [2012/01/11 13:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions
      [2012/01/11 13:57:09 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
      [2011/09/28 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH
      [2011/11/11 19:28:27 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
      [2011/11/11 19:28:58 | 000,001,945 | ---- | M] () -- C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\sea rchplugins\bing-zugo.xml
      [2012/01/08 23:49:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
      [2012/01/21 14:18:30 | 000,000,272 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGH
      [2012/01/21 14:18:30 | 000,000,168 | ---- | M] () -- C:\ProgramData\~Bp26Blb39DVrGHr
      [2012/01/21 00:35:11 | 000,000,440 | ---- | M] () -- C:\ProgramData\Bp26Blb39DVrGH
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | M] () -- C:\ProgramData\075x22s613657qe7ud702ut
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut
      [2012/01/11 21:57:53 | 000,000,894 | -HS- | C] () -- C:\ProgramData\075x22s613657qe7ud702ut
      [2011/06/13 21:33:12 | 000,000,120 | ---- | C] () -- C:\Users\ngan\AppData\Local\Aqovaripec.dat
      [2011/06/13 21:33:12 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Local\Fbilesicog.bin
      2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
      [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
      [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247
      [2011/05/08 18:10:09 | 000,011,784 | -HS- | C] () -- C:\ProgramData\m32esmfe7c4o462rx2yg3t247
      [2008/02/18 17:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
      [C:\Windows\$NtUninstallKB56859$] -> -> Unknown point type
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "VistaSp1" =-
      "VistaSp2" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "bflixtoolbar" =-
      "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" =-
      "bflixtoolbar" =-
      "Freecorder Toolbar" = Freecorder Toolbar
      "Freecorder4.1" =-
      :Files
      :Commands
      [purity]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ==========================================
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! Please close any instances of Internet Explorer before continuing!
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    Please leave new log for OTL in new reply.
  5. funkymonky Newcomer, in training

    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
    C:\Program Files\Freecorder\prxtbFre2.dll moved successfully.
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    C:\Users\ngan\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
    C:\Users\ngan\AppData\Roaming\mozilla\Extensions folder moved successfully.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\ not found.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH\ not found.
    Folder C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\ext ensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
    File C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\sea rchplugins\bing-zugo.xml not found.
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
    ::1 localhost removed from HOSTS file successfully
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    File C:\Program Files\Freecorder\prxtbFre2.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ deleted successfully.
    C:\Program Files\bflixtoolbar\vmntemplateX.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
    File C:\Program Files\Freecorder\prxtbFre2.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
    File C:\Program Files\bflixtoolbar\vmntemplateX.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    File C:\Program Files\Freecorder\prxtbFre2.dll not found.
    C:\ProgramData\~Bp26Blb39DVrGH moved successfully.
    C:\ProgramData\~Bp26Blb39DVrGHr moved successfully.
    C:\ProgramData\Bp26Blb39DVrGH moved successfully.
    C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut moved successfully.
    C:\ProgramData\075x22s613657qe7ud702ut moved successfully.
    File C:\Users\ngan\AppData\Local\075x22s613657qe7ud702ut not found.
    File C:\ProgramData\075x22s613657qe7ud702ut not found.
    C:\Users\ngan\AppData\Local\Aqovaripec.dat moved successfully.
    C:\Users\ngan\AppData\Local\Fbilesicog.bin moved successfully.
    C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62 moved successfully.
    C:\Users\ngan\AppData\Local\m32esmfe7c4o462rx2yg3t247 moved successfully.
    C:\ProgramData\m32esmfe7c4o462rx2yg3t247 moved successfully.
    C:\Windows\fdbpinger.exe moved successfully.
    Unable to remove Unknown point type C:\Windows\$NtUninstallKB56859$
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bflixtoolbar not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{63A6E9A9-A190-46D4-9430-2DB28654AFD8} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\bflixtoolbar not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"Freecorder Toolbar" | Freecorder Toolbar /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Freecorder4.1 not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: ngan
    ->Java cache emptied: 1469386 bytes

    User: Public

    Total Java Files Cleaned = 1.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully


    OTL by OldTimer - Version 3.2.31.0 log created on 02022012_173937

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.
  6. funkymonky Newcomer, in training

    Oops sorry, that log was from the Run Fix. Here's the Quick Scan log:

    OTL logfile created on: 2/2/2012 6:49:17 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ngan\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.42% Memory free
    4.22 Gb Paging File | 2.81 Gb Available in Paging File | 66.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 39.86 Gb Free Space | 36.13% Space Free | Partition Type: NTFS

    Computer Name: HELEN-PC | User Name: ngan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Users\ngan\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
    PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
    PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\Dell AIO Printer A920\DLBKbmgr.exe (Dell)
    PRC - C:\Program Files\Dell AIO Printer A920\DLBKbmon.exe (Dell)
    PRC - C:\Windows\System32\dlbkcoms.exe ( )
    PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
    PRC - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko10.dll ()
    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
    MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll ()
    MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
    MOD - C:\Windows\System32\igfxTMM.dll ()
    MOD - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV - (CLTNetCnService) -- File not found
    SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
    SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
    SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
    SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
    SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (dlbk_device) -- C:\Windows\System32\dlbkcoms.exe ( )
    SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
    DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
    DRV - (LVUVC) QuickCam Communicate Deluxe(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
    DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
    DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z134&install_date=20111112
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z134&install_date=20111112"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\ngan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/10 14:11:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/10 14:11:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/01/05 15:11:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/27 18:21:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 15:05:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 13:22:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE}: C:\Users\ngan\AppData\Local\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE} [2011/06/13 21:33:11 | 000,000,000 | ---D | M]

    [2012/02/02 17:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Extensions
    [2012/01/11 13:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions
    [2012/01/11 13:57:09 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/09/28 13:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{1392B8D2-5C05-419F-A8F6-B9F15A596612}-TRASH
    [2010/04/27 15:13:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/11 19:28:27 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
    [2009/01/12 15:01:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\ngan\AppData\Roaming\mozilla\Firefox\Profiles\pzctg0ec.default\extensions\moveplayer@movenetworks.com
    [2011/11/11 19:28:58 | 000,001,945 | ---- | M] () -- C:\Users\ngan\AppData\Roaming\Mozilla\Firefox\Profiles\pzctg0ec.default\searchplugins\bing-zugo.xml
    [2011/11/30 19:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/05 15:11:48 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.23
    [2011/06/13 21:33:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\NGAN\APPDATA\LOCAL\{D7B3796E-B384-4685-AE12-F8EC49B8B3DE}
    [2012/01/31 15:05:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/27 18:20:43 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/01/08 23:49:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\ngan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: Entanglement = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
    CHR - Extension: DivX HiQ = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
    CHR - Extension: AVG Safe Search = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
    CHR - Extension: Poppit = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\ngan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

    O1 HOSTS File: ([2012/02/02 17:40:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [dlbkbmgr.exe] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" File not found
    O4 - HKCU..\Run: [Spotify] C:\Users\ngan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O4 - HKLM..\RunOnce: [OTL] C:\Users\ngan\Desktop\OTL.exe (OldTimer Tools)
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F334C34-DA0E-4CC7-9B30-DD2FF09902A1}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\ngan\Pictures\placetocallhome\bookstairs.jpg
    O24 - Desktop BackupWallPaper: C:\Users\ngan\Pictures\placetocallhome\bookstairs.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/02 17:39:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/29 15:56:00 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
    [2012/01/27 18:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2012/01/27 18:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012/01/27 18:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/01/27 18:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/01/25 22:48:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ngan\Desktop\OTL.exe
    [2012/01/24 17:42:57 | 000,000,000 | --SD | C] -- C:\myapp
    [2012/01/23 00:48:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/23 00:48:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/23 00:48:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/23 00:48:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/23 00:44:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/22 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\AVG2012
    [2012/01/22 00:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/01/22 00:16:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/01/22 00:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/01/22 00:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/22 00:15:40 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\TestApp
    [2012/01/21 20:49:47 | 000,100,864 | ---- | C] (GMER) -- C:\awtoipow.sys
    [2012/01/18 22:34:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\cache
    [2012/01/07 15:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2012/01/05 15:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/05 15:56:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/05 15:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/01/05 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\ngan\AppData\Roaming\AVG
    [2010/03/06 16:23:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
    [2010/03/06 16:23:24 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
    [2010/03/06 16:23:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
    [2010/03/06 16:23:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
    [2010/03/06 16:23:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
    [2010/03/06 16:23:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
    [2010/03/06 16:23:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBKhcp.dll
    [2010/03/06 16:23:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
    [2010/03/06 16:23:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
    [2010/03/06 16:23:23 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
    [2010/03/06 16:23:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
    [2010/03/06 16:23:23 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
    [2010/03/06 16:23:23 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
    [2010/03/06 16:23:23 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
    [2010/03/06 16:23:23 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
    [2010/03/06 16:22:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/02 18:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/02 18:28:59 | 088,033,895 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/02/02 17:49:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/02 17:49:05 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/02 17:49:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/02 17:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/02 17:40:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2012/02/02 14:30:03 | 087,996,682 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
    [2012/01/30 20:58:50 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/30 20:58:50 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/30 18:01:34 | 000,053,282 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/01/27 18:21:31 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/01/25 22:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ngan\Desktop\OTL.exe
    [2012/01/24 14:16:41 | 000,000,842 | ---- | M] () -- C:\Users\ngan\Desktop\iExplore - Shortcut.lnk
    [2012/01/24 01:40:42 | 000,000,680 | ---- | M] () -- C:\Users\ngan\AppData\Local\d3d9caps.dat
    [2012/01/22 23:05:32 | 000,684,297 | ---- | M] () -- C:\Users\ngan\Desktop\unhide.exe
    [2012/01/22 00:20:43 | 002,266,381 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/01/21 20:49:47 | 000,100,864 | ---- | M] (GMER) -- C:\awtoipow.sys
    [2012/01/18 15:48:16 | 000,621,032 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
    [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/27 18:21:31 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/01/24 14:16:41 | 000,000,842 | ---- | C] () -- C:\Users\ngan\Desktop\iExplore - Shortcut.lnk
    [2012/01/23 00:48:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/23 00:48:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/23 00:48:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/23 00:48:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/23 00:48:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/22 23:04:39 | 000,684,297 | ---- | C] () -- C:\Users\ngan\Desktop\unhide.exe
    [2012/01/22 00:17:32 | 002,266,381 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/06/13 21:32:55 | 000,000,004 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\mlog
    [2011/05/11 21:53:41 | 000,011,004 | -HS- | C] () -- C:\Users\ngan\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/04/09 17:50:40 | 000,000,680 | ---- | C] () -- C:\Users\ngan\AppData\Local\d3d9caps.dat
    [2010/12/16 15:00:13 | 000,000,020 | ---- | C] () -- C:\Windows\System32\AVGRSSTX.DLL
    [2010/09/21 20:36:45 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/09/21 20:36:45 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/04/28 18:13:43 | 000,000,760 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\setup_ldm.iss
    [2010/04/17 16:15:31 | 000,000,255 | ---- | C] () -- C:\Windows\System32\dlbkcoin.ini
    [2010/03/06 16:26:34 | 000,000,444 | ---- | C] () -- C:\Windows\dellstat.ini
    [2010/03/06 16:23:24 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
    [2010/03/06 16:23:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
    [2010/03/06 16:23:24 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBKinst.dll
    [2010/03/06 16:23:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbkinsb.dll
    [2010/03/06 16:23:23 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
    [2010/03/06 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
    [2010/03/06 16:22:55 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
    [2010/03/06 16:22:55 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
    [2010/03/06 16:22:55 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2010/03/06 16:22:54 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/05/30 12:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/05/30 12:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/02/21 21:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\CastleMalloy.INI
    [2008/11/16 12:55:05 | 000,000,000 | ---- | C] () -- C:\Users\ngan\AppData\Roaming\wklnhst.dat
    [2008/11/03 21:03:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/08/21 09:10:45 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2008/08/06 09:00:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/08/03 13:54:33 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
    [2008/08/03 10:20:53 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
    [2008/08/03 10:20:48 | 000,000,638 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2008/08/02 11:31:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/07/22 19:53:16 | 000,145,920 | ---- | C] () -- C:\Users\ngan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/20 17:41:19 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
    [2008/07/20 17:41:19 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/20 11:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/02/20 11:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/02/20 11:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/02/20 11:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/02/20 11:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/02/20 11:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008/02/20 11:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
    [2008/02/20 11:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
    [2008/02/20 11:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
    [2008/02/18 18:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008/02/18 18:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
    [2008/02/18 18:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2008/02/18 18:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2008/02/18 18:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2008/02/18 18:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2007/10/11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2007/09/13 14:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007/09/13 14:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/09/13 14:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/09/13 14:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 04:47:37 | 000,370,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 02:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
    [2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/12/28 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Amazon
    [2012/01/05 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG
    [2011/10/17 14:46:54 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG10
    [2012/01/22 23:38:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\AVG2012
    [2010/06/29 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Facebook
    [2011/11/11 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\FreeTorrentDownloader
    [2010/12/10 14:11:28 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Local
    [2011/12/01 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Smart PDF Creator
    [2012/02/02 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Spotify
    [2008/11/16 12:55:09 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Template
    [2012/01/22 00:15:40 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\TestApp
    [2012/01/24 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\TOSHIBA
    [2008/07/20 21:35:56 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\Ulead Systems
    [2008/08/03 08:10:21 | 000,000,000 | ---D | M] -- C:\Users\ngan\AppData\Roaming\WinBatch
    [2012/02/02 17:47:17 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
  7. Bobbye Helper on the Fringe

    The 'fix' log was okay to leave, but there are a few more entries to remove.

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =====================================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs (Java V6u22) as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-checked toolbars or BHOs. If found, remove the check before the download.

    Please give me an update on the system.
  8. Bobbye Helper on the Fringe

    I am ready to close the thread. Please reply if you still have malware problems.