Need help to uninstall xVidly

By Rbell
May 12, 2013
  1. Rbell

    Here is the FRST.txt log.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2013 02
    Ran by Mom and Dad (administrator) on 22-05-2013 22:23:52
    Running from C:\Documents and Settings\Mom and Dad\Desktop
    Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
    ==================== Processes (Whitelisted) ===================

    (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
    (Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
    (Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    (Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Farbar) C:\Documents and Settings\Mom and Dad\Desktop\FRST.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
    HKLM\...\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe [x]
    HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110696 2010-10-16] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13851752 2010-10-16] (NVIDIA Corporation)
    HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1753192 2010-08-26] ()
    HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [295512 2013-04-27] (RealNetworks, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
    HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-11] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
    HKLM\...\Winlogon: [System]
    Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
    HKCU\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
    HKCU\...\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22E470FS05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
    HKCU\...\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29F1520705TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
    Lsa: [Authentication Packages] msv1_0 nwprovau
    Startup: C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series.lnk -> (No File)
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
    SearchScopes: HKCU - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Get Lyrics - {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - C:\Program Files\GetLyrics\getlrcs.dll (LEV Addons)
    BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll No File
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll" No File
    PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    PDF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll No File
    Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default
    FF Homepage: hxxp://www.msn.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Garmin Communicator - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF Extension: HP Detect - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF Extension: tineye - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\tineye@ideeinc.com.xpi
    FF Extension: No Name - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi

    Chrome:
    =======
    CHR Extension: (Google Docs) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (RealDownloader) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
    CHR Extension: (Gmail) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ========================== Services (Whitelisted) =================

    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
    R2 MSSQL$ONDSQL; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
    R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2011-12-23] (New Boundary Technologies, Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
    R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

    ==================== Drivers (Whitelisted) ====================

    R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.)
    S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
    R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
    R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
    S3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
    S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
    S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [98432 2005-08-12] (NVIDIA Corporation)
    S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
    S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
    R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
    R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
    R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
    R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
    S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
    S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [724736 2009-08-03] (Ralink Technology, Corp.)
    S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
    S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
    S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
    S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
    S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
    S4 Abiosdsk; No ImagePath
    S4 Atdisk; No ImagePath
    S3 catchme; \??\C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\catchme.sys [x]
    S1 Changer; No ImagePath
    S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [x]
    S1 lbrtfdc; No ImagePath
    S1 PCIDump; No ImagePath
    S3 PDCOMP; No ImagePath
    S3 PDFRAME; No ImagePath
    S3 PDRELI; No ImagePath
    S3 PDRFRAME; No ImagePath
    S4 Simbad; No ImagePath
    S3 WDICA; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    2013-05-22 22:23 - 2013-05-22 22:23 - 00000000 ____D C:\FRST
    2013-05-22 22:22 - 2013-05-22 22:23 - 01318449 ____A (Farbar) C:\Documents and Settings\Mom and Dad\Desktop\FRST.exe
    2013-05-22 22:18 - 2013-05-22 22:18 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2013-05-22 22:18 - 2013-05-22 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-05-22 01:49 - 2013-05-22 01:50 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
    2013-05-22 00:50 - 2013-05-22 00:50 - 00009340 ____A C:\Documents and Settings\Mom and Dad\Desktop\JRT.txt
    2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\Windows\ERUNT
    2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\JRT
    2013-05-22 00:42 - 2013-05-22 00:42 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Mom and Dad\Desktop\JRT.exe
    2013-05-22 00:38 - 2013-05-22 00:38 - 00077333 ____A C:\Documents and Settings\Mom and Dad\Desktop\AdwCleaner[S1].txt
    2013-05-22 00:29 - 2013-05-22 00:30 - 00077333 ____A C:\AdwCleaner[S1].txt
    2013-05-22 00:26 - 2013-05-22 00:27 - 00632031 ____A C:\Documents and Settings\Mom and Dad\Desktop\adwcleaner.exe
    2013-05-21 23:41 - 2013-05-21 23:41 - 00026358 ____A C:\ComboFix.txt
    2013-05-21 23:03 - 2013-05-21 23:04 - 05068564 ____R (Swearware) C:\Documents and Settings\Mom and Dad\Desktop\combofix.exe.exe
    2013-05-21 11:56 - 2013-05-21 11:57 - 00000000 ____D C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart_files
    2013-05-21 11:56 - 2013-05-21 11:56 - 00185274 ____A C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart.htm
    2013-05-21 00:36 - 2013-05-21 00:36 - 00000000 RASHD C:\cmdcons
    2013-05-21 00:36 - 2011-12-23 19:24 - 00000199 ____A C:\Boot.bak
    2013-05-21 00:36 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
    2013-05-21 00:34 - 2013-05-21 23:42 - 00000000 ___AD C:\Qoobox
    2013-05-21 00:34 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-05-21 00:34 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-05-21 00:34 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-05-21 00:34 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-05-21 00:34 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-05-21 00:34 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
    2013-05-21 00:34 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
    2013-05-21 00:34 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
    2013-05-21 00:34 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
    2013-05-21 00:33 - 2013-05-21 23:40 - 00000000 ____D C:\Windows\erdnt
    2013-05-16 17:56 - 2013-05-22 20:40 - 00000462 ____A C:\Windows\Tasks\At6.job
    2013-05-16 17:56 - 2013-05-22 17:56 - 00000462 ____A C:\Windows\Tasks\At7.job
    2013-05-16 17:56 - 2013-05-22 14:00 - 00000462 ____A C:\Windows\Tasks\At8.job
    2013-05-16 17:56 - 2013-05-22 10:10 - 00000462 ____A C:\Windows\Tasks\At5.job
    2013-05-16 17:55 - 2013-05-16 17:55 - 00001993 ____A C:\Documents and Settings\All Users\Desktop\HP Photosmart 6520 series.lnk
    2013-05-16 17:55 - 2013-05-16 17:55 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk
    2013-05-16 17:55 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPMAF11.dll
    2013-05-16 14:32 - 2012-10-17 12:46 - 02216336 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkinsAF11.exe
    2013-05-16 14:32 - 2012-10-17 12:46 - 00529808 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkstsAF11.dll
    2013-05-16 14:32 - 2012-10-17 12:46 - 00268688 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkstsAF11LM.dll
    2013-05-16 14:32 - 2012-10-17 12:46 - 00220560 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkcoiAF11.dll
    2013-05-16 14:31 - 2012-10-17 12:46 - 01979280 ___RA (Hewlett-Packard Co.) C:\Windows\System32\HPScanTRDrv_PS6520.dll
    2013-05-16 14:31 - 2012-10-17 12:46 - 00495504 ___RA (Hewlett-Packard) C:\Windows\System32\HPWia1_PS6520.dll
    2013-05-16 03:37 - 2013-05-16 03:39 - 00021894 ____A C:\Windows\KB2829530-IE8.log
    2013-05-16 03:32 - 2013-05-16 03:32 - 00006563 ____A C:\Windows\KB2847204-IE8.log
    2013-05-16 03:31 - 2013-05-16 03:31 - 00007135 ____A C:\Windows\KB2820197.log
    2013-05-16 03:31 - 2013-05-16 03:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
    2013-05-16 03:01 - 2013-05-16 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
    2013-05-15 11:47 - 2013-05-15 11:47 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    2013-05-15 08:23 - 2013-05-16 03:01 - 00010910 ____A C:\Windows\KB2829361.log
    2013-05-03 11:16 - 2013-05-03 11:16 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\PCHealth
    2013-05-02 03:27 - 2013-05-22 22:06 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2013-05-01 12:01 - 2006-09-13 14:00 - 00197632 ____A (CANON INC.) C:\Windows\System32\CNMLM7W.DLL
    2013-04-30 16:46 - 2013-04-30 16:46 - 00000000 ___HD C:\Program Files\CanonBJ
    2013-04-28 15:09 - 2013-04-09 17:56 - 00001906 ____A C:\Documents and Settings\All Users\Desktop\VAFPlayer.lnk
    2013-04-28 15:08 - 2013-04-28 15:08 - 00000000 ____D C:\Program Files\Tuguu SL
    2013-04-28 15:08 - 2013-04-09 17:56 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\player
    2013-04-27 13:48 - 2013-04-27 13:48 - 00000929 ____A C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Program Files\RealNetworks
    2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
    2013-04-27 13:32 - 2013-04-27 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
    2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\AVG SafeGuard toolbar
    2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\1O1L1I1PtF1F1C1N
    2013-04-27 13:30 - 2013-04-29 15:47 - 00033112 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
    2013-04-27 13:30 - 2013-04-29 15:47 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
    2013-04-27 13:30 - 2013-04-28 13:29 - 00000000 ____A C:\Windows\System32\TempWmicBatchFile.bat
    2013-04-27 13:30 - 2013-04-27 13:30 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\AVG SafeGuard toolbar
    2013-04-26 18:36 - 2013-04-26 18:36 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Desktop\New Folder

    ==================== One Month Modified Files and Folders ========

    2013-05-22 22:23 - 2013-05-22 22:23 - 00000000 ____D C:\FRST
    2013-05-22 22:23 - 2013-05-22 22:22 - 01318449 ____A (Farbar) C:\Documents and Settings\Mom and Dad\Desktop\FRST.exe
    2013-05-22 22:18 - 2013-05-22 22:18 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2013-05-22 22:18 - 2013-05-22 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-05-22 22:17 - 2013-04-11 21:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-05-22 22:06 - 2013-05-02 03:27 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    2013-05-22 22:01 - 2005-01-09 20:10 - 01432742 ____A C:\Windows\WindowsUpdate.log
    2013-05-22 21:59 - 2013-04-09 20:43 - 00000374 ____A C:\Windows\Tasks\Get Lyrics Update.job
    2013-05-22 21:59 - 2012-12-22 00:54 - 00000298 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
    2013-05-22 21:59 - 2012-12-22 00:54 - 00000290 ____A C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
    2013-05-22 21:59 - 2005-01-09 20:07 - 00000000 ____D C:\Windows\Registration
    2013-05-22 21:58 - 2005-01-09 12:03 - 00000159 ____A C:\Windows\wiadebug.log
    2013-05-22 21:58 - 2005-01-09 12:03 - 00000049 ____A C:\Windows\wiaservc.log
    2013-05-22 21:57 - 2012-12-22 11:08 - 00000406 ____A C:\Windows\Tasks\ProgramUpdateCheck.job
    2013-05-22 21:57 - 2012-10-24 15:48 - 00000290 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
    2013-05-22 21:57 - 2011-12-29 12:18 - 00000398 ____A C:\Windows\Tasks\Final Media Player Update Checker.job
    2013-05-22 21:56 - 2013-01-11 23:44 - 00000312 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
    2013-05-22 21:56 - 2011-12-23 20:34 - 00000062 __ASH C:\Documents and Settings\Mom and Dad\Local Settings\desktop.ini
    2013-05-22 21:56 - 2005-01-09 20:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2013-05-22 21:56 - 2005-01-09 20:19 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2013-05-22 21:56 - 2005-01-09 20:19 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-22 20:54 - 2012-12-14 00:47 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
    2013-05-22 20:54 - 2011-12-23 20:34 - 00000278 ___SH C:\Documents and Settings\Mom and Dad\ntuser.ini
    2013-05-22 20:54 - 2005-01-09 20:19 - 00032544 ____A C:\Windows\SchedLgU.Txt
    2013-05-22 20:46 - 2012-04-11 07:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-22 20:40 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At6.job
    2013-05-22 20:40 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At2.job
    2013-05-22 20:30 - 2012-06-23 22:20 - 00000502 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
    2013-05-22 17:56 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At7.job
    2013-05-22 14:00 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At8.job
    2013-05-22 14:00 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At4.job
    2013-05-22 11:05 - 2012-06-27 23:41 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Invoices
    2013-05-22 10:54 - 2012-01-24 20:36 - 01739414 __ASH C:\Documents and Settings\Mom and Dad\My Documents\Thumbs.db
    2013-05-22 10:37 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At3.job
    2013-05-22 10:10 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At5.job
    2013-05-22 10:10 - 2012-12-22 11:10 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
    2013-05-22 10:10 - 2012-12-22 11:08 - 00000462 ____A C:\Windows\Tasks\ProgramRefresh-ATFST.job
    2013-05-22 10:10 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At1.job
    2013-05-22 10:10 - 2011-12-29 12:18 - 00000000 ____D C:\Program Files\File Type Assistant
    2013-05-22 09:53 - 2011-12-24 10:08 - 00039424 ____A C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-05-22 01:50 - 2013-05-22 01:49 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
    2013-05-22 00:50 - 2013-05-22 00:50 - 00009340 ____A C:\Documents and Settings\Mom and Dad\Desktop\JRT.txt
    2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\Windows\ERUNT
    2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\JRT
    2013-05-22 00:42 - 2013-05-22 00:42 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Mom and Dad\Desktop\JRT.exe
    2013-05-22 00:38 - 2013-05-22 00:38 - 00077333 ____A C:\Documents and Settings\Mom and Dad\Desktop\AdwCleaner[S1].txt
    2013-05-22 00:30 - 2013-05-22 00:29 - 00077333 ____A C:\AdwCleaner[S1].txt
    2013-05-22 00:27 - 2013-05-22 00:26 - 00632031 ____A C:\Documents and Settings\Mom and Dad\Desktop\adwcleaner.exe
    2013-05-21 23:42 - 2013-05-21 00:34 - 00000000 ___AD C:\Qoobox
    2013-05-21 23:41 - 2013-05-21 23:41 - 00026358 ____A C:\ComboFix.txt
    2013-05-21 23:40 - 2013-05-21 00:33 - 00000000 ____D C:\Windows\erdnt
    2013-05-21 23:39 - 2005-01-09 18:48 - 00000246 ____A C:\Windows\system.ini
    2013-05-21 23:04 - 2013-05-21 23:03 - 05068564 ____R (Swearware) C:\Documents and Settings\Mom and Dad\Desktop\combofix.exe.exe
    2013-05-21 23:00 - 2013-01-10 04:33 - 02026016 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2013-05-21 15:54 - 2012-09-03 21:43 - 00012262 ____A C:\Documents and Settings\Mom and Dad\Application Data\Rim.Desktop.Exception.log
    2013-05-21 15:53 - 2012-09-03 21:43 - 00003311 ____A C:\Documents and Settings\Mom and Dad\Application Data\Rim.DesktopHelper.Exception.log
    2013-05-21 11:57 - 2013-05-21 11:56 - 00000000 ____D C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart_files
    2013-05-21 11:56 - 2013-05-21 11:56 - 00185274 ____A C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart.htm
    2013-05-21 08:40 - 2012-11-05 11:02 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\vlc
    2013-05-21 00:36 - 2013-05-21 00:36 - 00000000 RASHD C:\cmdcons
    2013-05-21 00:36 - 2005-01-09 18:49 - 00000314 _RASH C:\boot.ini
    2013-05-21 00:09 - 2012-04-16 00:01 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\HP
    2013-05-20 10:10 - 2012-12-22 11:08 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\FileTypeAssistant
    2013-05-18 10:52 - 2012-12-22 00:15 - 00380713 ____A C:\Windows\setupapi.log
    2013-05-17 23:41 - 2012-10-24 15:48 - 00000298 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
    2013-05-17 22:44 - 2013-01-11 23:44 - 00000320 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
    2013-05-16 17:55 - 2013-05-16 17:55 - 00001993 ____A C:\Documents and Settings\All Users\Desktop\HP Photosmart 6520 series.lnk
    2013-05-16 17:55 - 2013-05-16 17:55 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk
    2013-05-16 17:53 - 2005-01-09 11:50 - 00000000 ____D C:\Windows\twain_32
    2013-05-16 17:51 - 2012-04-16 00:02 - 00000000 ____D C:\Program Files\HP
    2013-05-16 14:31 - 2012-04-16 00:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
    2013-05-16 12:11 - 2005-01-09 20:06 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-05-16 08:26 - 2005-01-09 11:59 - 00189000 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-16 03:39 - 2013-05-16 03:37 - 00021894 ____A C:\Windows\KB2829530-IE8.log
    2013-05-16 03:39 - 2005-01-09 20:28 - 00232399 ____A C:\Windows\updspapi.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 02315226 ____A C:\Windows\FaxSetup.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 01124743 ____A C:\Windows\ocgen.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 01071600 ____A C:\Windows\tsoc.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00715024 ____A C:\Windows\msmqinst.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00658742 ____A C:\Windows\comsetup.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00535447 ____A C:\Windows\iis6.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00421436 ____A C:\Windows\netfxocm.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00399217 ____A C:\Windows\ntdtcsetup.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00265608 ____A C:\Windows\plusoc.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00251543 ____A C:\Windows\MedCtrOC.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00125888 ____A C:\Windows\ehOCGen.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00117142 ____A C:\Windows\tabletoc.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00116642 ____A C:\Windows\msgsocm.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00108854 ____A C:\Windows\ocmsn.log
    2013-05-16 03:39 - 2005-01-09 12:00 - 00001374 ____A C:\Windows\imsins.log
    2013-05-16 03:38 - 2011-12-24 21:39 - 00000000 ____D C:\Windows\ie8updates
    2013-05-16 03:36 - 2005-01-09 12:00 - 00696352 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-16 03:32 - 2013-05-16 03:32 - 00006563 ____A C:\Windows\KB2847204-IE8.log
    2013-05-16 03:32 - 2005-01-09 12:00 - 00001374 ____A C:\Windows\imsins.BAK
    2013-05-16 03:31 - 2013-05-16 03:31 - 00007135 ____A C:\Windows\KB2820197.log
    2013-05-16 03:31 - 2013-05-16 03:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
    2013-05-16 03:31 - 2005-01-09 20:21 - 00000000 ___HD C:\Windows\$hf_mig$
    2013-05-16 03:16 - 2011-12-24 19:22 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-16 03:01 - 2013-05-16 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
    2013-05-16 03:01 - 2013-05-15 08:23 - 00010910 ____A C:\Windows\KB2829361.log
    2013-05-15 11:47 - 2013-05-15 11:47 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    2013-05-15 10:46 - 2012-04-11 07:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-05-15 10:46 - 2011-12-24 09:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-05-14 08:20 - 2012-04-16 00:04 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\HpUpdate
    2013-05-14 08:13 - 2005-01-09 18:48 - 00001170 ____A C:\Windows\System32\wpa.dbl
    2013-05-06 23:27 - 2011-12-23 19:19 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-06 23:27 - 2010-04-16 10:36 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
    2013-05-03 11:16 - 2013-05-03 11:16 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\PCHealth
    2013-05-02 12:55 - 2005-01-09 20:26 - 00045104 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-05-02 10:28 - 2011-12-23 21:30 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-02 03:17 - 2011-12-23 21:20 - 00001919 ____A C:\Windows\epplauncher.mif
    2013-05-01 11:56 - 2013-04-09 16:01 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
    2013-04-30 20:32 - 2011-12-24 19:27 - 00302001 ____A C:\Windows\ie8_main.log
    2013-04-30 20:24 - 2005-01-09 11:59 - 00402398 ____A C:\Windows\setupact.log
    2013-04-30 19:48 - 2005-01-09 20:38 - 00111649 ____A C:\Windows\spupdsvc.log
    2013-04-30 17:54 - 2012-01-09 04:00 - 00013423 ____A C:\Windows\KB929399.log
    2013-04-30 16:46 - 2013-04-30 16:46 - 00000000 ___HD C:\Program Files\CanonBJ
    2013-04-29 15:47 - 2013-04-27 13:30 - 00033112 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
    2013-04-29 15:47 - 2013-04-27 13:30 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
    2013-04-28 15:09 - 2011-12-23 20:34 - 00045104 ____A C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-04-28 15:08 - 2013-04-28 15:08 - 00000000 ____D C:\Program Files\Tuguu SL
    2013-04-28 13:29 - 2013-04-27 13:30 - 00000000 ____A C:\Windows\System32\TempWmicBatchFile.bat
    2013-04-27 13:49 - 2012-08-11 14:20 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\RealNetworks
    2013-04-27 13:48 - 2013-04-27 13:48 - 00000929 ____A C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Program Files\RealNetworks
    2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
    2013-04-27 13:46 - 2012-08-11 13:50 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
    2013-04-27 13:45 - 2012-08-11 13:50 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
    2013-04-27 13:45 - 2012-08-11 13:50 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
    2013-04-27 13:45 - 2012-08-11 13:50 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
    2013-04-27 13:43 - 2012-08-11 13:50 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
    2013-04-27 13:43 - 2012-08-11 13:50 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
    2013-04-27 13:32 - 2013-04-27 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
    2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\AVG SafeGuard toolbar
    2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\1O1L1I1PtF1F1C1N
    2013-04-27 13:30 - 2013-04-27 13:30 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\AVG SafeGuard toolbar
    2013-04-26 18:53 - 2012-08-11 21:44 - 00000564 ____A C:\Windows\PStudio.ini
    2013-04-26 18:36 - 2013-04-26 18:36 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Desktop\New Folder
    2013-04-23 21:52 - 2012-01-23 23:25 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

    Other Malware:
    ===========
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job
    C:\Windows\Tasks\At7.job
    C:\Windows\Tasks\At8.job

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
  2. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    Here is the addition.txt log.

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-05-2013 02
    Ran by Mom and Dad at 2013-05-22 22:24:58 Run:
    Running from C:\Documents and Settings\Mom and Dad\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    Adobe AIR (Version: 3.1.0.4880)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
    Adobe Reader XI (11.0.03) (Version: 11.0.03)
    American Greetings CreataCard Platinum 6
    ArcSoft Panorama Maker 4
    ATI - Software Uninstall Utility (Version: 6.14.10.1022)
    ATI Catalyst Control Center (Version: 2.010.0210.2338)
    ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)
    Bing Bar (Version: 7.1.355.0)
    Bing Rewards Client Installer (Version: 16.0.345.0)
    BlackBerry Device Software Updater (Version: 7.1.0.34)
    BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone (Version: 4.6.1.259 (Platform 4.2.0.116))
    BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone (Version: 5.0.0.900 (Platform 5.2.0.96))
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
    Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
    Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
    Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
    Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
    Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
    Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
    CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
    CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
    CCC Help Czech (Version: 2010.0210.2338.42455)
    CCC Help Danish (Version: 2010.0210.2338.42455)
    CCC Help Dutch (Version: 2010.0210.2338.42455)
    CCC Help English (Version: 2010.0210.2338.42455)
    CCC Help Finnish (Version: 2010.0210.2338.42455)
    CCC Help French (Version: 2010.0210.2338.42455)
    CCC Help German (Version: 2010.0210.2338.42455)
    CCC Help Greek (Version: 2010.0210.2338.42455)
    CCC Help Hungarian (Version: 2010.0210.2338.42455)
    CCC Help Italian (Version: 2010.0210.2338.42455)
    CCC Help Japanese (Version: 2010.0210.2338.42455)
    CCC Help Korean (Version: 2010.0210.2338.42455)
    CCC Help Norwegian (Version: 2010.0210.2338.42455)
    CCC Help Polish (Version: 2010.0210.2338.42455)
    CCC Help Portuguese (Version: 2010.0210.2338.42455)
    CCC Help Russian (Version: 2010.0210.2338.42455)
    CCC Help Spanish (Version: 2010.0210.2338.42455)
    CCC Help Swedish (Version: 2010.0210.2338.42455)
    CCC Help Thai (Version: 2010.0210.2338.42455)
    CCC Help Turkish (Version: 2010.0210.2338.42455)
    ccc-core-preinstall (Version: 2010.0210.2339.42455)
    ccc-core-static (Version: 2010.0210.2339.42455)
    ccc-utility (Version: 2010.0210.2339.42455)
    Citrix online plug-in (DV) (Version: 12.0.0.6410)
    Citrix online plug-in (HDX) (Version: 12.0.0.6410)
    Citrix online plug-in (USB) (Version: 12.0.0.6410)
    Citrix online plug-in (Web) (Version: 12.0.0.6410)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
    File Type Assistant (Version: 2013.4.8.0)
    Final Media Player 2012 (Version: 2012.10.9.0)
    Garmin USB Drivers (Version: 2.3.1.0)
    Garmin WebUpdater (Version: 2.5.6)
    Get Lyrics
    Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
    High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
    HP FWUpdateEDO2 (Version: 1.2.0.0)
    HP Photo Creations (Version: 1.0.0.11502)
    HP Photosmart 6510 series Basic Device Software (Version: 28.0.1315.0)
    HP Photosmart 6510 series Help (Version: 140.0.2.2)
    HP Photosmart 6510 series Product Improvement Study (Version: 28.0.1315.0)
    HP Photosmart 6520 series Basic Device Software (Version: 28.0.1315.0)
    HP Photosmart 6520 series Help (Version: 28.0.0)
    HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)
    HP Product Detection (Version: 11.14.0001)
    HP Update (Version: 5.003.003.001)
    HPDiagnosticAlert (Version: 1.00.0000)
    Image Transfer
    ImageMixer for Sony
    Java 7 Update 9 (Version: 7.0.90)
    Java Auto Updater (Version: 2.1.9.0)
    Java(TM) 6 Update 33 (Version: 6.0.330)
    JavaFX 2.1.1 (Version: 2.1.1)
    LessTabs (Version: 1.7.1.0)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.1 (Version: 1.1.4322)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
    Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (ONDSQL) (Version: 9.4.5000.00)
    Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
    Microsoft SQL Server Native Client (Version: 9.00.5000.00)
    Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
    Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
    Mozilla Maintenance Service (Version: 21.0)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    MSXML 6.0 Parser (Version: 6.10.1129.0)
    Nikon Message Center (Version: 0.92.000)
    Nikon Transfer (Version: 1.0.2)
    NVIDIA Control Panel 260.99 (Version: 260.99)
    NVIDIA Drivers
    NVIDIA Graphics Driver 260.99 (Version: 260.99)
    NVIDIA Install Application (Version: 2.0.14.0)
    NVIDIA nView 135.36 (Version: 135.36)
    NVIDIA nView Desktop Manager (Version: 6.14.10.13065)
    PASS Gallery (Version: 1.0.735)
    Ralink RT2870 Wireless LAN Card (Version: 1.5.4.0)
    RDC-4300 Software Suite
    RealDownloader (Version: 1.3.0)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
    RealPlayer (Version: 15.0.6)
    RealPlayer (Version: 16.0.0)
    Realtek High Definition Audio Driver (Version: 5.10.0.5324)
    RealUpgrade 1.1 (Version: 1.1.0)
    Sierra Electrical Wiring
    Sierra Utilities
    Skins (Version: 2010.0210.2339.42455)
    Soft Data Fax Modem with SmartCP
    Sonic Encoders (Version: 1.00)
    Sony USB Driver
    TeamViewer 8 (Version: 8.0.16642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
    Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
    Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2345886) (Version: 1)
    Update for Windows XP (KB2467659) (Version: 1)
    Update for Windows XP (KB2541763) (Version: 1)
    Update for Windows XP (KB2641690) (Version: 1)
    Update for Windows XP (KB2661254-v2) (Version: 2)
    Update for Windows XP (KB2718704) (Version: 1)
    Update for Windows XP (KB2736233) (Version: 1)
    Update for Windows XP (KB2749655) (Version: 1)
    Update for Windows XP (KB951978) (Version: 1)
    Update for Windows XP (KB953356) (Version: 1)
    Update for Windows XP (KB955759) (Version: 1)
    Update for Windows XP (KB967715) (Version: 1)
    Update for Windows XP (KB968389) (Version: 1)
    Update for Windows XP (KB971029) (Version: 1)
    Update for Windows XP (KB971737) (Version: 1)
    Update for Windows XP (KB973687) (Version: 1)
    Update for Windows XP (KB973815) (Version: 1)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Video Downloader (Version: 1.14)
    Video Downloader version 2.0 (Version: 2.0)
    VLC media player 2.0.6 (Version: 2.0.6)
    WebFldrs XP (Version: 9.50.7523)
    Windows Backup Utility (Version: 5.1)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
    Windows Internet Explorer 8 (Version: 20090308.140743)
    Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin (Version: 1.0.0.8)
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3 (Version: 20080414.031525)
    xVidly (Version: 1.0)
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update

    ==================== Restore Points =========================

    22-02-2013 07:33:03 Software Distribution Service 3.0
    23-02-2013 00:49:34 Software Distribution Service 3.0
    23-02-2013 07:57:27 Software Distribution Service 3.0
    24-02-2013 00:49:47 Software Distribution Service 3.0
    24-02-2013 07:31:57 Software Distribution Service 3.0
    25-02-2013 00:49:49 Software Distribution Service 3.0
    25-02-2013 07:32:55 Software Distribution Service 3.0
    26-02-2013 00:49:34 Software Distribution Service 3.0
    26-02-2013 07:31:56 Software Distribution Service 3.0
    27-02-2013 07:42:02 System Checkpoint
    27-02-2013 08:05:53 Software Distribution Service 3.0
    28-02-2013 02:50:21 Software Distribution Service 3.0
    28-02-2013 08:06:12 Software Distribution Service 3.0
    01-03-2013 02:49:58 Software Distribution Service 3.0
    01-03-2013 08:05:41 Software Distribution Service 3.0
    02-03-2013 02:51:59 Software Distribution Service 3.0
    03-03-2013 02:50:06 Software Distribution Service 3.0
    03-03-2013 08:06:15 Software Distribution Service 3.0
    04-03-2013 02:50:06 Software Distribution Service 3.0
    04-03-2013 08:20:30 Software Distribution Service 3.0
    05-03-2013 07:16:11 Software Distribution Service 3.0
    06-03-2013 07:16:11 Software Distribution Service 3.0
    07-03-2013 07:17:38 Software Distribution Service 3.0
    08-03-2013 07:14:42 Software Distribution Service 3.0
    09-03-2013 07:15:37 Software Distribution Service 3.0
    09-03-2013 08:20:20 Software Distribution Service 3.0
    10-03-2013 07:15:48 Software Distribution Service 3.0
    11-03-2013 07:24:13 Software Distribution Service 3.0
    12-03-2013 01:04:02 Software Distribution Service 3.0
    13-03-2013 01:37:29 System Checkpoint
    13-03-2013 06:51:30 Software Distribution Service 3.0
    13-03-2013 22:26:17 Software Distribution Service 3.0
    14-03-2013 06:49:41 Software Distribution Service 3.0
    14-03-2013 08:00:21 Software Distribution Service 3.0
    15-03-2013 06:59:02 Software Distribution Service 3.0
    16-03-2013 06:59:14 Software Distribution Service 3.0
    16-03-2013 13:03:27 Software Distribution Service 3.0
    17-03-2013 05:32:20 Unsigned driver install
    17-03-2013 06:59:00 Software Distribution Service 3.0
    17-03-2013 13:03:16 Software Distribution Service 3.0
    18-03-2013 06:59:20 Software Distribution Service 3.0
    18-03-2013 13:04:40 Software Distribution Service 3.0
    19-03-2013 06:58:15 Software Distribution Service 3.0
    19-03-2013 13:03:26 Software Distribution Service 3.0
    20-03-2013 06:59:46 Software Distribution Service 3.0
    20-03-2013 13:04:52 Software Distribution Service 3.0
    21-03-2013 06:59:16 Software Distribution Service 3.0
    21-03-2013 13:03:18 Software Distribution Service 3.0
    22-03-2013 04:33:24 Software Distribution Service 3.0
    22-03-2013 04:57:34 Software Distribution Service 3.0
    22-03-2013 07:23:28 Software Distribution Service 3.0
    22-03-2013 18:23:07 Removed Microsoft WSE 3.0 Runtime
    22-03-2013 18:26:49 Removed WinZip 17.0
    23-03-2013 00:05:38 Installed Strongvault Online Backup
    23-03-2013 00:07:37 Removed Strongvault Online Backup
    23-03-2013 00:07:53 Removed Strongvault Online Backup
    23-03-2013 07:06:25 Software Distribution Service 3.0
    23-03-2013 22:57:23 Software Distribution Service 3.0
    24-03-2013 07:04:51 Software Distribution Service 3.0
    24-03-2013 22:57:09 Software Distribution Service 3.0
    25-03-2013 02:23:04 Installed TI Connect 1.6
    25-03-2013 07:03:21 Software Distribution Service 3.0
    26-03-2013 02:24:13 Software Distribution Service 3.0
    26-03-2013 07:02:15 Software Distribution Service 3.0
    27-03-2013 02:20:41 Software Distribution Service 3.0
    27-03-2013 07:04:05 Software Distribution Service 3.0
    27-03-2013 08:00:19 Software Distribution Service 3.0
    28-03-2013 01:07:14 Removed TI Connect 1.6
    28-03-2013 02:19:22 Software Distribution Service 3.0
    28-03-2013 07:02:12 Software Distribution Service 3.0
    29-03-2013 02:18:09 Software Distribution Service 3.0
    29-03-2013 07:02:13 Software Distribution Service 3.0
    30-03-2013 06:49:14 Software Distribution Service 3.0
    31-03-2013 07:06:25 Software Distribution Service 3.0
    31-03-2013 22:46:02 Software Distribution Service 3.0
    01-04-2013 23:26:46 System Checkpoint
    02-04-2013 12:32:36 Software Distribution Service 3.0
    03-04-2013 06:43:56 Software Distribution Service 3.0
    03-04-2013 12:30:31 Software Distribution Service 3.0
    04-04-2013 12:38:55 System Checkpoint
    05-04-2013 07:23:53 Software Distribution Service 3.0
    05-04-2013 11:48:13 Software Distribution Service 3.0
    06-04-2013 07:23:17 Software Distribution Service 3.0
    06-04-2013 11:43:49 Software Distribution Service 3.0
    07-04-2013 07:23:06 Software Distribution Service 3.0
    08-04-2013 07:23:03 Software Distribution Service 3.0
    08-04-2013 11:41:31 Software Distribution Service 3.0
    09-04-2013 07:23:07 Software Distribution Service 3.0
    09-04-2013 11:42:10 Software Distribution Service 3.0
    09-04-2013 23:11:49 Removed AVG PC TuneUp
    09-04-2013 23:12:55 Removed AVG PC TuneUp Language Pack (en-US)
    10-04-2013 07:23:03 Software Distribution Service 3.0
    10-04-2013 11:42:23 Software Distribution Service 3.0
    11-04-2013 07:21:53 Software Distribution Service 3.0
    11-04-2013 08:00:24 Software Distribution Service 3.0
    12-04-2013 07:25:37 Software Distribution Service 3.0
    12-04-2013 08:00:20 Software Distribution Service 3.0
    12-04-2013 13:34:29 Software Distribution Service 3.0
    13-04-2013 07:25:18 Software Distribution Service 3.0
    13-04-2013 13:33:48 Software Distribution Service 3.0
    14-04-2013 07:26:23 Software Distribution Service 3.0
    14-04-2013 13:33:54 Software Distribution Service 3.0
    15-04-2013 07:25:33 Software Distribution Service 3.0
    15-04-2013 13:35:19 Software Distribution Service 3.0
    16-04-2013 07:26:00 Software Distribution Service 3.0
    17-04-2013 13:03:14 Software Distribution Service 3.0
    18-04-2013 06:46:43 Software Distribution Service 3.0
    18-04-2013 13:04:36 Software Distribution Service 3.0
    19-04-2013 06:50:28 Software Distribution Service 3.0
    19-04-2013 14:24:04 Software Distribution Service 3.0
    20-04-2013 06:50:01 Software Distribution Service 3.0
    20-04-2013 14:23:01 Software Distribution Service 3.0
    21-04-2013 07:11:21 Software Distribution Service 3.0
    22-04-2013 02:12:09 Software Distribution Service 3.0
    22-04-2013 07:10:41 Software Distribution Service 3.0
    23-04-2013 02:13:02 Software Distribution Service 3.0
    24-04-2013 05:04:21 System Checkpoint
    24-04-2013 06:57:19 Software Distribution Service 3.0
    24-04-2013 13:04:18 Software Distribution Service 3.0
    25-04-2013 06:55:50 Software Distribution Service 3.0
    25-04-2013 13:01:25 Software Distribution Service 3.0
    26-04-2013 06:57:14 Software Distribution Service 3.0
    26-04-2013 13:02:49 Software Distribution Service 3.0
    27-04-2013 06:56:59 Software Distribution Service 3.0
    27-04-2013 13:02:35 Software Distribution Service 3.0
    28-04-2013 06:57:07 Software Distribution Service 3.0
    28-04-2013 13:02:40 Software Distribution Service 3.0
    28-04-2013 20:00:17 Installed Strongvault Online Backup
    28-04-2013 20:37:23 Removed MSXML 6.0 Parser
    28-04-2013 20:38:13 Removed Strongvault Online Backup
    28-04-2013 20:38:40 Removed Strongvault Online Backup
    29-04-2013 06:41:21 Software Distribution Service 3.0
    29-04-2013 08:00:17 Software Distribution Service 3.0
    29-04-2013 20:58:38 Software Distribution Service 3.0
    30-04-2013 06:41:10 Software Distribution Service 3.0
    30-04-2013 08:00:21 Software Distribution Service 3.0
    30-04-2013 22:53:43 Software Distribution Service 3.0
    01-05-2013 07:21:05 Software Distribution Service 3.0
    01-05-2013 15:32:44 Software Distribution Service 3.0
    01-05-2013 16:50:20 wed may 1-2013 restore point
    01-05-2013 16:56:15 Restore Operation
    01-05-2013 17:02:49 Software Distribution Service 3.0
    01-05-2013 17:31:06 Restore Operation
    01-05-2013 17:37:20 Software Distribution Service 3.0
    02-05-2013 07:00:25 Software Distribution Service 3.0
    02-05-2013 08:00:34 Software Distribution Service 3.0
    02-05-2013 17:41:04 Restore Operation
    02-05-2013 17:46:35 Software Distribution Service 3.0
    02-05-2013 18:03:57 Software Distribution Service 3.0
    03-05-2013 06:57:47 Software Distribution Service 3.0
    03-05-2013 08:00:47 Software Distribution Service 3.0
    03-05-2013 17:57:19 Software Distribution Service 3.0
    04-05-2013 06:57:03 Software Distribution Service 3.0
    04-05-2013 08:00:22 Software Distribution Service 3.0
    04-05-2013 17:57:01 Software Distribution Service 3.0
    05-05-2013 06:58:03 Software Distribution Service 3.0
    05-05-2013 08:00:22 Software Distribution Service 3.0
    05-05-2013 17:58:09 Software Distribution Service 3.0
    06-05-2013 06:56:37 Software Distribution Service 3.0
    06-05-2013 08:00:23 Software Distribution Service 3.0
    06-05-2013 17:56:59 Software Distribution Service 3.0
    07-05-2013 06:57:19 Software Distribution Service 3.0
    07-05-2013 08:00:22 Software Distribution Service 3.0
    07-05-2013 17:57:04 Software Distribution Service 3.0
    08-05-2013 06:57:29 Software Distribution Service 3.0
    08-05-2013 08:00:22 Software Distribution Service 3.0
    08-04-2013 16:47:13 System Checkpoint
    09-04-2013 17:57:12 Software Distribution Service 3.0
    09-04-2013 22:41:53 Installed Strongvault Online Backup
    09-04-2013 23:01:24 Removed Strongvault Online Backup
    09-04-2013 23:01:44 Removed Strongvault Online Backup
    09-04-2013 23:13:56 Software Distribution Service 3.0
    10-04-2013 01:40:59 Installed Strongvault Online Backup
    10-04-2013 01:50:18 Software Distribution Service 3.0
    10-04-2013 02:09:31 Removed Strongvault Online Backup
    10-04-2013 02:10:29 Removed Strongvault Online Backup
    10-04-2013 03:11:00 Software Distribution Service 3.0
    10-04-2013 04:59:27 Software Distribution Service 3.0
    10-04-2013 06:49:16 Software Distribution Service 3.0
    10-04-2013 08:00:20 Software Distribution Service 3.0
    11-04-2013 03:06:38 Software Distribution Service 3.0
    11-04-2013 03:26:00 Software Distribution Service 3.0
    11-04-2013 06:32:29 Software Distribution Service 3.0
    11-04-2013 08:00:50 Software Distribution Service 3.0
    11-04-2013 16:23:13 Software Distribution Service 3.0
    12-04-2013 02:21:18 Software Distribution Service 3.0
    12-04-2013 06:33:24 Software Distribution Service 3.0
    12-04-2013 08:00:21 Software Distribution Service 3.0
    12-04-2013 22:49:45 Software Distribution Service 3.0
    13-04-2013 06:03:14 Software Distribution Service 3.0
    14-05-2013 06:29:33 Software Distribution Service 3.0
    14-05-2013 13:24:16 Software Distribution Service 3.0
    14-05-2013 14:08:23 Software Distribution Service 3.0
    15-05-2013 06:18:51 Software Distribution Service 3.0
    16-05-2013 07:18:47 Software Distribution Service 3.0
    16-05-2013 08:00:33 Software Distribution Service 3.0
    16-05-2013 13:39:02 Software Distribution Service 3.0
    17-05-2013 07:13:16 Software Distribution Service 3.0
    17-05-2013 08:00:22 Software Distribution Service 3.0
    17-05-2013 13:37:50 Software Distribution Service 3.0
    18-05-2013 07:12:52 Software Distribution Service 3.0
    18-05-2013 08:00:23 Software Distribution Service 3.0
    18-05-2013 13:39:57 Software Distribution Service 3.0
    19-05-2013 07:12:28 Software Distribution Service 3.0
    19-05-2013 08:00:22 Software Distribution Service 3.0
    19-05-2013 13:39:53 Software Distribution Service 3.0
    20-05-2013 07:12:42 Software Distribution Service 3.0
    20-05-2013 08:00:21 Software Distribution Service 3.0
    20-05-2013 13:39:56 Software Distribution Service 3.0
    21-05-2013 05:15:29 before combofix download
    21-05-2013 08:00:26 Software Distribution Service 3.0
    21-05-2013 13:42:57 Software Distribution Service 3.0
    22-05-2013 03:31:02 before combofix download take 2
    22-05-2013 07:05:12 Software Distribution Service 3.0
    22-05-2013 08:00:22 Software Distribution Service 3.0

    ==================== Faulty Device Manager Devices =============

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/22/2013 10:05:24 PM) (Source: Application Hang) (User: )
    Description: Hanging application OTL.exe, version 3.2.69.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (05/22/2013 03:14:14 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2656351' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\KB2656351_20130522_030033187-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

    Error: (05/22/2013 01:41:38 AM) (Source: Application Hang) (User: )
    Description: Fault bucket -1117197148.

    Error: (05/22/2013 01:41:27 AM) (Source: Application Hang) (User: )
    Description: Hanging application OTL.exe, version 3.2.69.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (05/22/2013 01:35:16 AM) (Source: MPSampleSubmission) (User: )
    Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

    Error: (05/22/2013 01:33:47 AM) (Source: Application Hang) (User: )
    Description: Fault bucket -1117197148.

    Error: (05/22/2013 01:33:45 AM) (Source: Application Hang) (User: )
    Description: Hanging application OTL.exe, version 3.2.69.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (05/21/2013 11:24:36 PM) (Source: MPSampleSubmission) (User: )
    Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

    Error: (05/21/2013 11:23:53 PM) (Source: Application Error) (User: )
    Description: Fault bucket -1173431414.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (05/21/2013 11:22:13 PM) (Source: Application Error) (User: )
    Description: Faulting application rndlresolversvc.exe, version 0.0.0.0, faulting module rndlresolversvc.exe, version 0.0.0.0, fault address 0x00003035.
    Processing media-specific event for [rndlresolversvc.exe!ws!]


    System errors:
    =============
    Error: (05/22/2013 09:58:53 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ctxusbm

    Error: (05/22/2013 03:15:41 AM) (Source: Windows Update Agent) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

    Error: (05/22/2013 00:37:00 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ctxusbm

    Error: (05/21/2013 11:23:18 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ctxusbm

    Error: (05/21/2013 11:00:10 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ctxusbm

    Error: (05/21/2013 11:00:05 PM) (Source: Service Control Manager) (User: )
    Description: The TeamViewer 8 service failed to start due to the following error:
    %%1053

    Error: (05/21/2013 11:00:05 PM) (Source: Service Control Manager) (User: )
    Description: Timeout (30000 milliseconds) waiting for the TeamViewer 8 service to connect.

    Error: (05/21/2013 03:17:31 AM) (Source: Windows Update Agent) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

    Error: (05/20/2013 03:14:45 AM) (Source: Windows Update Agent) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

    Error: (05/19/2013 03:15:58 AM) (Source: Windows Update Agent) (User: )
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).


    Microsoft Office Sessions:
    =========================
    Error: (05/22/2013 10:05:24 PM) (Source: Application Hang)(User: )
    Description: OTL.exe3.2.69.0hungapp0.0.0.000000000

    Error: (05/22/2013 03:14:14 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
    Description: Microsoft .NET Framework 4 Client ProfileKB26563511603C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\KB2656351_20130522_030033187-Microsoft .NET Framework 4 Client Profile-MSP0.txt

    Error: (05/22/2013 01:41:38 AM) (Source: Application Hang)(User: )
    Description: -1117197148

    Error: (05/22/2013 01:41:27 AM) (Source: Application Hang)(User: )
    Description: OTL.exe3.2.69.0hungapp0.0.0.000000000

    Error: (05/22/2013 01:35:16 AM) (Source: MPSampleSubmission)(User: )
    Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

    Error: (05/22/2013 01:33:47 AM) (Source: Application Hang)(User: )
    Description: -1117197148

    Error: (05/22/2013 01:33:45 AM) (Source: Application Hang)(User: )
    Description: OTL.exe3.2.69.0hungapp0.0.0.000000000

    Error: (05/21/2013 11:24:36 PM) (Source: MPSampleSubmission)(User: )
    Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

    Error: (05/21/2013 11:23:53 PM) (Source: Application Error)(User: )
    Description: -1173431414

    Error: (05/21/2013 11:22:13 PM) (Source: Application Error)(User: )
    Description: rndlresolversvc.exe0.0.0.0rndlresolversvc.exe0.0.0.000003035


    ==================== Memory info ===========================

    Percentage of memory in use: 49%
    Total physical RAM: 1917.57 MB
    Available physical RAM: 970.18 MB
    Total Pagefile: 3107.04 MB
    Available Pagefile: 2220.45 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1962.94 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.88 GB) (Free:186.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP PS6520) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS
    Drive e: () (Fixed) (Total:186.31 GB) (Free:28 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive j: (USB20FD) (Removable) (Total:14.92 GB) (Free:6.35 GB) FAT32
    Drive k: (USB20FD) (Removable) (Total:14.92 GB) (Free:7.59 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 186 GB) (Disk ID: EDAAEDAA)
    Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 233 GB) (Disk ID: 14CB14CB)
    Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 6 (Size: 15 GB) (Disk ID: 04030201)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

    ========================================================
    Disk: 7 (Size: 15 GB) (Disk ID: 04030201)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

    ==================== End Of Log ============================
  3. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Attached Files:

  4. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-05-2013 02
    Ran by Mom and Dad at 2013-05-22 22:41:41 Run:1
    Running from C:\Documents and Settings\Mom and Dad\Desktop
    Boot Mode: Normal

    ==============================================

    HKLM => Group Policy Restriction on software restored successfully.
    ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series.lnk -> (No File) not found.
    HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.
    HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key deleted successfully.
    HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
    HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
    Abiosdsk => Service deleted successfully.
    Atdisk => Service deleted successfully.
    catchme => Service deleted successfully.
    Changer => Service deleted successfully.
    ctxusbm => Service deleted successfully.
    lbrtfdc => Service deleted successfully.
    PCIDump => Service deleted successfully.
    PDCOMP => Service deleted successfully.
    PDFRAME => Service deleted successfully.
    PDRELI => Service deleted successfully.
    PDRFRAME => Service deleted successfully.
    Simbad => Service deleted successfully.
    WDICA => Service deleted successfully.
    C:\Windows\Tasks\At1.job => Moved successfully.
    C:\Windows\Tasks\At2.job => Moved successfully.
    C:\Windows\Tasks\At3.job => Moved successfully.
    C:\Windows\Tasks\At4.job => Moved successfully.
    C:\Windows\Tasks\At5.job => Moved successfully.
    C:\Windows\Tasks\At6.job => Moved successfully.
    C:\Windows\Tasks\At7.job => Moved successfully.
    C:\Windows\Tasks\At8.job => Moved successfully.

    ==== End of Fixlog ====
  5. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    How is the computer doing?

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  6. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    It seems like the pop ads are worse than ever.


    Here is the Security check log

    Results of screen317's Security Check version 0.99.64
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    JavaFX 2.1.1
    Java(TM) 6 Update 33
    Java 7 Update 9
    Java version out of Date!
    Adobe Flash Player 11.7.700.202
    Adobe Reader XI
    Mozilla Firefox (21.0)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 9%
    ````````````````````End of Log``````````````````````

    Here is the FSS log

    Farbar Service Scanner Version: 14-04-2013
    Ran by Mom and Dad (administrator) on 22-05-2013 at 23:20:41
    Running from "C:\Documents and Settings\Mom and Dad\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(3)
    0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
    IpSec Tag value is correct.

    **** End of log ****


    I tried several times to run the Temp File Cleaner, but each time it was stopping all the processes it would quit responding and I would have to do a hard reboot.

    Here is the ESET log

    C:\Documents and Settings\Mom and Dad\My Documents\Downloads\Driver_Wizard.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP959\A0084824.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    E:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    E:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\gfqnoxh4.default\extensions\plugin@yontoo.com.xpi Win32/Adware.Yontoo application deleted - quarantined
    E:\Documents and Settings\Mom\Local Settings\Temp\air72.exe multiple threats cleaned by deleting - quarantined
    E:\Documents and Settings\Mom\Local Settings\Temp\air7D.exe multiple threats cleaned by deleting - quarantined
    E:\Documents and Settings\Mom\Local Settings\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
    E:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
  7. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    What browser?
  8. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    The popup ads are in both Firefox and Internet Explorer browsers.
  9. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    Make sure you follow ALL steps listed there.

    See how it goes...
    Then we'll take a look at Firefox.
  10. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    I did the FixIt for Internet Explorer and it seems to have fixed it. Before I was getting random underlined words that if you hovered over them there was an ad. Now I don't seem to be getting that. Also I was getting all these ads that said they were not from this site and they seem to be gone too.

    What do I need to do to reset Firefox?
  11. Broni

    Broni Malware Annihilator Posts: 46,416   +252

     
  12. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    Reset Firefox, but I still have the problems that I mentioned. Random underlined words that if you hover over there is an ad and ads that are all over the place and flashing.
  13. Broni

    Broni Malware Annihilator Posts: 46,416   +252

  14. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    Didn't make a difference.

    When I uninstalled, did I need to make the selection to "Remove my Firefox personal data and customizations"? I did not do this because I didn't want to lose all of my bookmarks.
  15. Broni

    Broni Malware Annihilator Posts: 46,416   +252

  16. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Still with me?
  17. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    Yes, I am. I just haven't had time to sit down at the computer for a few days. And tomorrow I am going out of town for work for a few days. I will be able to work on this on Saturday. I will post then. Thanks and sorry for being so slow. I really appreciate your time and help.
  18. Broni

    Broni Malware Annihilator Posts: 46,416   +252

  19. Rbell

    Rbell Newcomer, in training Topic Starter Posts: 27

    I uninstalled everything on Firefox and then re-installed and I still have the random underlined words that will pop up ads. Also, on Internet Explorer, I had this problem start again so I re-ran the FixIt. I think it resolved it.
  20. Broni

    Broni Malware Annihilator Posts: 46,416   +252

  21. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    Still with me?
  22. Broni

    Broni Malware Annihilator Posts: 46,416   +252

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.