Inactive-A Need help to uninstall xVidly

Here is the FRST.txt log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2013 02
Ran by Mom and Dad (administrator) on 22-05-2013 22:23:52
Running from C:\Documents and Settings\Mom and Dad\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Documents and Settings\Mom and Dad\Desktop\FRST.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110696 2010-10-16] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13851752 2010-10-16] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1753192 2010-08-26] ()
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [295512 2013-04-27] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [System]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22E470FS05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29F1520705TZ:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1 [1837672 2012-10-17] (Hewlett-Packard Co.)
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series.lnk -> (No File)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKCU - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Get Lyrics - {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - C:\Program Files\GetLyrics\getlrcs.dll (LEV Addons)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll No File
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll" No File
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll No File
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default
FF Homepage: hxxp://www.msn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: HP Detect - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: tineye - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Firefox\Profiles\fr6afugt.default\Extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealDownloader) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 MSSQL$ONDSQL; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2011-12-23] (New Boundary Technologies, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [98432 2005-08-12] (NVIDIA Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [724736 2009-08-03] (Ralink Technology, Corp.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\catchme.sys [x]
S1 Changer; No ImagePath
S1 ctxusbm; system32\DRIVERS\ctxusbm.sys [x]
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-05-22 22:23 - 2013-05-22 22:23 - 00000000 ____D C:\FRST
2013-05-22 22:22 - 2013-05-22 22:23 - 01318449 ____A (Farbar) C:\Documents and Settings\Mom and Dad\Desktop\FRST.exe
2013-05-22 22:18 - 2013-05-22 22:18 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-05-22 22:18 - 2013-05-22 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-22 01:49 - 2013-05-22 01:50 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-05-22 00:50 - 2013-05-22 00:50 - 00009340 ____A C:\Documents and Settings\Mom and Dad\Desktop\JRT.txt
2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\Windows\ERUNT
2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\JRT
2013-05-22 00:42 - 2013-05-22 00:42 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Mom and Dad\Desktop\JRT.exe
2013-05-22 00:38 - 2013-05-22 00:38 - 00077333 ____A C:\Documents and Settings\Mom and Dad\Desktop\AdwCleaner[S1].txt
2013-05-22 00:29 - 2013-05-22 00:30 - 00077333 ____A C:\AdwCleaner[S1].txt
2013-05-22 00:26 - 2013-05-22 00:27 - 00632031 ____A C:\Documents and Settings\Mom and Dad\Desktop\adwcleaner.exe
2013-05-21 23:41 - 2013-05-21 23:41 - 00026358 ____A C:\ComboFix.txt
2013-05-21 23:03 - 2013-05-21 23:04 - 05068564 ____R (Swearware) C:\Documents and Settings\Mom and Dad\Desktop\combofix.exe.exe
2013-05-21 11:56 - 2013-05-21 11:57 - 00000000 ____D C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart_files
2013-05-21 11:56 - 2013-05-21 11:56 - 00185274 ____A C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart.htm
2013-05-21 00:36 - 2013-05-21 00:36 - 00000000 RASHD C:\cmdcons
2013-05-21 00:36 - 2011-12-23 19:24 - 00000199 ____A C:\Boot.bak
2013-05-21 00:36 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
2013-05-21 00:34 - 2013-05-21 23:42 - 00000000 ___AD C:\Qoobox
2013-05-21 00:34 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-21 00:34 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-21 00:34 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-21 00:34 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-21 00:34 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-21 00:34 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-05-21 00:34 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-21 00:34 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-21 00:34 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-21 00:33 - 2013-05-21 23:40 - 00000000 ____D C:\Windows\erdnt
2013-05-16 17:56 - 2013-05-22 20:40 - 00000462 ____A C:\Windows\Tasks\At6.job
2013-05-16 17:56 - 2013-05-22 17:56 - 00000462 ____A C:\Windows\Tasks\At7.job
2013-05-16 17:56 - 2013-05-22 14:00 - 00000462 ____A C:\Windows\Tasks\At8.job
2013-05-16 17:56 - 2013-05-22 10:10 - 00000462 ____A C:\Windows\Tasks\At5.job
2013-05-16 17:55 - 2013-05-16 17:55 - 00001993 ____A C:\Documents and Settings\All Users\Desktop\HP Photosmart 6520 series.lnk
2013-05-16 17:55 - 2013-05-16 17:55 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk
2013-05-16 17:55 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPMAF11.dll
2013-05-16 14:32 - 2012-10-17 12:46 - 02216336 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkinsAF11.exe
2013-05-16 14:32 - 2012-10-17 12:46 - 00529808 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkstsAF11.dll
2013-05-16 14:32 - 2012-10-17 12:46 - 00268688 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkstsAF11LM.dll
2013-05-16 14:32 - 2012-10-17 12:46 - 00220560 ___RA (Hewlett-Packard Co.) C:\Windows\System32\hpinkcoiAF11.dll
2013-05-16 14:31 - 2012-10-17 12:46 - 01979280 ___RA (Hewlett-Packard Co.) C:\Windows\System32\HPScanTRDrv_PS6520.dll
2013-05-16 14:31 - 2012-10-17 12:46 - 00495504 ___RA (Hewlett-Packard) C:\Windows\System32\HPWia1_PS6520.dll
2013-05-16 03:37 - 2013-05-16 03:39 - 00021894 ____A C:\Windows\KB2829530-IE8.log
2013-05-16 03:32 - 2013-05-16 03:32 - 00006563 ____A C:\Windows\KB2847204-IE8.log
2013-05-16 03:31 - 2013-05-16 03:31 - 00007135 ____A C:\Windows\KB2820197.log
2013-05-16 03:31 - 2013-05-16 03:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-16 03:01 - 2013-05-16 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-15 11:47 - 2013-05-15 11:47 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
2013-05-15 08:23 - 2013-05-16 03:01 - 00010910 ____A C:\Windows\KB2829361.log
2013-05-03 11:16 - 2013-05-03 11:16 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\PCHealth
2013-05-02 03:27 - 2013-05-22 22:06 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-05-01 12:01 - 2006-09-13 14:00 - 00197632 ____A (CANON INC.) C:\Windows\System32\CNMLM7W.DLL
2013-04-30 16:46 - 2013-04-30 16:46 - 00000000 ___HD C:\Program Files\CanonBJ
2013-04-28 15:09 - 2013-04-09 17:56 - 00001906 ____A C:\Documents and Settings\All Users\Desktop\VAFPlayer.lnk
2013-04-28 15:08 - 2013-04-28 15:08 - 00000000 ____D C:\Program Files\Tuguu SL
2013-04-28 15:08 - 2013-04-09 17:56 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\player
2013-04-27 13:48 - 2013-04-27 13:48 - 00000929 ____A C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Program Files\RealNetworks
2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-04-27 13:32 - 2013-04-27 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\AVG SafeGuard toolbar
2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\1O1L1I1PtF1F1C1N
2013-04-27 13:30 - 2013-04-29 15:47 - 00033112 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-04-27 13:30 - 2013-04-29 15:47 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-04-27 13:30 - 2013-04-28 13:29 - 00000000 ____A C:\Windows\System32\TempWmicBatchFile.bat
2013-04-27 13:30 - 2013-04-27 13:30 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\AVG SafeGuard toolbar
2013-04-26 18:36 - 2013-04-26 18:36 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Desktop\New Folder

==================== One Month Modified Files and Folders ========

2013-05-22 22:23 - 2013-05-22 22:23 - 00000000 ____D C:\FRST
2013-05-22 22:23 - 2013-05-22 22:22 - 01318449 ____A (Farbar) C:\Documents and Settings\Mom and Dad\Desktop\FRST.exe
2013-05-22 22:18 - 2013-05-22 22:18 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-05-22 22:18 - 2013-05-22 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-22 22:17 - 2013-04-11 21:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 22:06 - 2013-05-02 03:27 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-05-22 22:01 - 2005-01-09 20:10 - 01432742 ____A C:\Windows\WindowsUpdate.log
2013-05-22 21:59 - 2013-04-09 20:43 - 00000374 ____A C:\Windows\Tasks\Get Lyrics Update.job
2013-05-22 21:59 - 2012-12-22 00:54 - 00000298 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
2013-05-22 21:59 - 2012-12-22 00:54 - 00000290 ____A C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
2013-05-22 21:59 - 2005-01-09 20:07 - 00000000 ____D C:\Windows\Registration
2013-05-22 21:58 - 2005-01-09 12:03 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-22 21:58 - 2005-01-09 12:03 - 00000049 ____A C:\Windows\wiaservc.log
2013-05-22 21:57 - 2012-12-22 11:08 - 00000406 ____A C:\Windows\Tasks\ProgramUpdateCheck.job
2013-05-22 21:57 - 2012-10-24 15:48 - 00000290 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
2013-05-22 21:57 - 2011-12-29 12:18 - 00000398 ____A C:\Windows\Tasks\Final Media Player Update Checker.job
2013-05-22 21:56 - 2013-01-11 23:44 - 00000312 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
2013-05-22 21:56 - 2011-12-23 20:34 - 00000062 __ASH C:\Documents and Settings\Mom and Dad\Local Settings\desktop.ini
2013-05-22 21:56 - 2005-01-09 20:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-05-22 21:56 - 2005-01-09 20:19 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-05-22 21:56 - 2005-01-09 20:19 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-22 20:54 - 2012-12-14 00:47 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2013-05-22 20:54 - 2011-12-23 20:34 - 00000278 ___SH C:\Documents and Settings\Mom and Dad\ntuser.ini
2013-05-22 20:54 - 2005-01-09 20:19 - 00032544 ____A C:\Windows\SchedLgU.Txt
2013-05-22 20:46 - 2012-04-11 07:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-22 20:40 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At6.job
2013-05-22 20:40 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At2.job
2013-05-22 20:30 - 2012-06-23 22:20 - 00000502 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-05-22 17:56 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At7.job
2013-05-22 14:00 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At8.job
2013-05-22 14:00 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At4.job
2013-05-22 11:05 - 2012-06-27 23:41 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Invoices
2013-05-22 10:54 - 2012-01-24 20:36 - 01739414 __ASH C:\Documents and Settings\Mom and Dad\My Documents\Thumbs.db
2013-05-22 10:37 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At3.job
2013-05-22 10:10 - 2013-05-16 17:56 - 00000462 ____A C:\Windows\Tasks\At5.job
2013-05-22 10:10 - 2012-12-22 11:10 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2013-05-22 10:10 - 2012-12-22 11:08 - 00000462 ____A C:\Windows\Tasks\ProgramRefresh-ATFST.job
2013-05-22 10:10 - 2012-04-16 00:05 - 00000460 ____A C:\Windows\Tasks\At1.job
2013-05-22 10:10 - 2011-12-29 12:18 - 00000000 ____D C:\Program Files\File Type Assistant
2013-05-22 09:53 - 2011-12-24 10:08 - 00039424 ____A C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-22 01:50 - 2013-05-22 01:49 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-05-22 00:50 - 2013-05-22 00:50 - 00009340 ____A C:\Documents and Settings\Mom and Dad\Desktop\JRT.txt
2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\Windows\ERUNT
2013-05-22 00:44 - 2013-05-22 00:44 - 00000000 ____D C:\JRT
2013-05-22 00:42 - 2013-05-22 00:42 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Mom and Dad\Desktop\JRT.exe
2013-05-22 00:38 - 2013-05-22 00:38 - 00077333 ____A C:\Documents and Settings\Mom and Dad\Desktop\AdwCleaner[S1].txt
2013-05-22 00:30 - 2013-05-22 00:29 - 00077333 ____A C:\AdwCleaner[S1].txt
2013-05-22 00:27 - 2013-05-22 00:26 - 00632031 ____A C:\Documents and Settings\Mom and Dad\Desktop\adwcleaner.exe
2013-05-21 23:42 - 2013-05-21 00:34 - 00000000 ___AD C:\Qoobox
2013-05-21 23:41 - 2013-05-21 23:41 - 00026358 ____A C:\ComboFix.txt
2013-05-21 23:40 - 2013-05-21 00:33 - 00000000 ____D C:\Windows\erdnt
2013-05-21 23:39 - 2005-01-09 18:48 - 00000246 ____A C:\Windows\system.ini
2013-05-21 23:04 - 2013-05-21 23:03 - 05068564 ____R (Swearware) C:\Documents and Settings\Mom and Dad\Desktop\combofix.exe.exe
2013-05-21 23:00 - 2013-01-10 04:33 - 02026016 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-05-21 15:54 - 2012-09-03 21:43 - 00012262 ____A C:\Documents and Settings\Mom and Dad\Application Data\Rim.Desktop.Exception.log
2013-05-21 15:53 - 2012-09-03 21:43 - 00003311 ____A C:\Documents and Settings\Mom and Dad\Application Data\Rim.DesktopHelper.Exception.log
2013-05-21 11:57 - 2013-05-21 11:56 - 00000000 ____D C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart_files
2013-05-21 11:56 - 2013-05-21 11:56 - 00185274 ____A C:\Documents and Settings\Mom and Dad\My Documents\Advance Auto Parts Shopping Cart.htm
2013-05-21 08:40 - 2012-11-05 11:02 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\vlc
2013-05-21 00:36 - 2013-05-21 00:36 - 00000000 RASHD C:\cmdcons
2013-05-21 00:36 - 2005-01-09 18:49 - 00000314 _RASH C:\boot.ini
2013-05-21 00:09 - 2012-04-16 00:01 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\HP
2013-05-20 10:10 - 2012-12-22 11:08 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\FileTypeAssistant
2013-05-18 10:52 - 2012-12-22 00:15 - 00380713 ____A C:\Windows\setupapi.log
2013-05-17 23:41 - 2012-10-24 15:48 - 00000298 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
2013-05-17 22:44 - 2013-01-11 23:44 - 00000320 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2110839388-3549234766-3366838200-1006.job
2013-05-16 17:55 - 2013-05-16 17:55 - 00001993 ____A C:\Documents and Settings\All Users\Desktop\HP Photosmart 6520 series.lnk
2013-05-16 17:55 - 2013-05-16 17:55 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Photosmart 6520 series.lnk
2013-05-16 17:53 - 2005-01-09 11:50 - 00000000 ____D C:\Windows\twain_32
2013-05-16 17:51 - 2012-04-16 00:02 - 00000000 ____D C:\Program Files\HP
2013-05-16 14:31 - 2012-04-16 00:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2013-05-16 12:11 - 2005-01-09 20:06 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 08:26 - 2005-01-09 11:59 - 00189000 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:39 - 2013-05-16 03:37 - 00021894 ____A C:\Windows\KB2829530-IE8.log
2013-05-16 03:39 - 2005-01-09 20:28 - 00232399 ____A C:\Windows\updspapi.log
2013-05-16 03:39 - 2005-01-09 12:00 - 02315226 ____A C:\Windows\FaxSetup.log
2013-05-16 03:39 - 2005-01-09 12:00 - 01124743 ____A C:\Windows\ocgen.log
2013-05-16 03:39 - 2005-01-09 12:00 - 01071600 ____A C:\Windows\tsoc.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00715024 ____A C:\Windows\msmqinst.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00658742 ____A C:\Windows\comsetup.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00535447 ____A C:\Windows\iis6.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00421436 ____A C:\Windows\netfxocm.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00399217 ____A C:\Windows\ntdtcsetup.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00265608 ____A C:\Windows\plusoc.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00251543 ____A C:\Windows\MedCtrOC.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00125888 ____A C:\Windows\ehOCGen.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00117142 ____A C:\Windows\tabletoc.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00116642 ____A C:\Windows\msgsocm.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00108854 ____A C:\Windows\ocmsn.log
2013-05-16 03:39 - 2005-01-09 12:00 - 00001374 ____A C:\Windows\imsins.log
2013-05-16 03:38 - 2011-12-24 21:39 - 00000000 ____D C:\Windows\ie8updates
2013-05-16 03:36 - 2005-01-09 12:00 - 00696352 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 03:32 - 2013-05-16 03:32 - 00006563 ____A C:\Windows\KB2847204-IE8.log
2013-05-16 03:32 - 2005-01-09 12:00 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-16 03:31 - 2013-05-16 03:31 - 00007135 ____A C:\Windows\KB2820197.log
2013-05-16 03:31 - 2013-05-16 03:31 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-16 03:31 - 2005-01-09 20:21 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-16 03:16 - 2011-12-24 19:22 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 03:01 - 2013-05-16 03:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-16 03:01 - 2013-05-15 08:23 - 00010910 ____A C:\Windows\KB2829361.log
2013-05-15 11:47 - 2013-05-15 11:47 - 00000800 ____A C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
2013-05-15 10:46 - 2012-04-11 07:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 10:46 - 2011-12-24 09:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-14 08:20 - 2012-04-16 00:04 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\HpUpdate
2013-05-14 08:13 - 2005-01-09 18:48 - 00001170 ____A C:\Windows\System32\wpa.dbl
2013-05-06 23:27 - 2011-12-23 19:19 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 23:27 - 2010-04-16 10:36 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-03 11:16 - 2013-05-03 11:16 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\PCHealth
2013-05-02 12:55 - 2005-01-09 20:26 - 00045104 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-02 10:28 - 2011-12-23 21:30 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 03:17 - 2011-12-23 21:20 - 00001919 ____A C:\Windows\epplauncher.mif
2013-05-01 11:56 - 2013-04-09 16:01 - 00065536 ____A C:\Windows\System32\config\TuneUp.evt
2013-04-30 20:32 - 2011-12-24 19:27 - 00302001 ____A C:\Windows\ie8_main.log
2013-04-30 20:24 - 2005-01-09 11:59 - 00402398 ____A C:\Windows\setupact.log
2013-04-30 19:48 - 2005-01-09 20:38 - 00111649 ____A C:\Windows\spupdsvc.log
2013-04-30 17:54 - 2012-01-09 04:00 - 00013423 ____A C:\Windows\KB929399.log
2013-04-30 16:46 - 2013-04-30 16:46 - 00000000 ___HD C:\Program Files\CanonBJ
2013-04-29 15:47 - 2013-04-27 13:30 - 00033112 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-04-29 15:47 - 2013-04-27 13:30 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-04-28 15:09 - 2011-12-23 20:34 - 00045104 ____A C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-04-28 15:08 - 2013-04-28 15:08 - 00000000 ____D C:\Program Files\Tuguu SL
2013-04-28 13:29 - 2013-04-27 13:30 - 00000000 ____A C:\Windows\System32\TempWmicBatchFile.bat
2013-04-27 13:49 - 2012-08-11 14:20 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\RealNetworks
2013-04-27 13:48 - 2013-04-27 13:48 - 00000929 ____A C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Program Files\RealNetworks
2013-04-27 13:48 - 2013-04-27 13:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-04-27 13:46 - 2012-08-11 13:50 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-04-27 13:45 - 2012-08-11 13:50 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-04-27 13:45 - 2012-08-11 13:50 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-04-27 13:45 - 2012-08-11 13:50 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-04-27 13:43 - 2012-08-11 13:50 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2013-04-27 13:43 - 2012-08-11 13:50 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2013-04-27 13:32 - 2013-04-27 13:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Local Settings\Application Data\AVG SafeGuard toolbar
2013-04-27 13:31 - 2013-04-27 13:31 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\1O1L1I1PtF1F1C1N
2013-04-27 13:30 - 2013-04-27 13:30 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Application Data\AVG SafeGuard toolbar
2013-04-26 18:53 - 2012-08-11 21:44 - 00000564 ____A C:\Windows\PStudio.ini
2013-04-26 18:36 - 2013-04-26 18:36 - 00000000 ____D C:\Documents and Settings\Mom and Dad\Desktop\New Folder
2013-04-23 21:52 - 2012-01-23 23:25 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

Other Malware:
===========
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
Here is the addition.txt log.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-05-2013 02
Ran by Mom and Dad at 2013-05-22 22:24:58 Run:
Running from C:\Documents and Settings\Mom and Dad\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
American Greetings CreataCard Platinum 6
ArcSoft Panorama Maker 4
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.010.0210.2338)
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)
Bing Bar (Version: 7.1.355.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BlackBerry Device Software Updater (Version: 7.1.0.34)
BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone (Version: 4.6.1.259 (Platform 4.2.0.116))
BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone (Version: 5.0.0.900 (Platform 5.2.0.96))
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
ccc-core-preinstall (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
Citrix online plug-in (DV) (Version: 12.0.0.6410)
Citrix online plug-in (HDX) (Version: 12.0.0.6410)
Citrix online plug-in (USB) (Version: 12.0.0.6410)
Citrix online plug-in (Web) (Version: 12.0.0.6410)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
File Type Assistant (Version: 2013.4.8.0)
Final Media Player 2012 (Version: 2012.10.9.0)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
Get Lyrics
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photo Creations (Version: 1.0.0.11502)
HP Photosmart 6510 series Basic Device Software (Version: 28.0.1315.0)
HP Photosmart 6510 series Help (Version: 140.0.2.2)
HP Photosmart 6510 series Product Improvement Study (Version: 28.0.1315.0)
HP Photosmart 6520 series Basic Device Software (Version: 28.0.1315.0)
HP Photosmart 6520 series Help (Version: 28.0.0)
HP Photosmart 6520 series Product Improvement Study (Version: 28.0.1315.0)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
Image Transfer
ImageMixer for Sony
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 33 (Version: 6.0.330)
JavaFX 2.1.1 (Version: 2.1.1)
LessTabs (Version: 1.7.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ONDSQL) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.0.2)
NVIDIA Control Panel 260.99 (Version: 260.99)
NVIDIA Drivers
NVIDIA Graphics Driver 260.99 (Version: 260.99)
NVIDIA Install Application (Version: 2.0.14.0)
NVIDIA nView 135.36 (Version: 135.36)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065)
PASS Gallery (Version: 1.0.735)
Ralink RT2870 Wireless LAN Card (Version: 1.5.4.0)
RDC-4300 Software Suite
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 15.0.6)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5324)
RealUpgrade 1.1 (Version: 1.1.0)
Sierra Electrical Wiring
Sierra Utilities
Skins (Version: 2010.0210.2339.42455)
Soft Data Fax Modem with SmartCP
Sonic Encoders (Version: 1.00)
Sony USB Driver
TeamViewer 8 (Version: 8.0.16642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB953356) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Video Downloader (Version: 1.14)
Video Downloader version 2.0 (Version: 2.0)
VLC media player 2.0.6 (Version: 2.0.6)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
xVidly (Version: 1.0)
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

==================== Restore Points =========================

22-02-2013 07:33:03 Software Distribution Service 3.0
23-02-2013 00:49:34 Software Distribution Service 3.0
23-02-2013 07:57:27 Software Distribution Service 3.0
24-02-2013 00:49:47 Software Distribution Service 3.0
24-02-2013 07:31:57 Software Distribution Service 3.0
25-02-2013 00:49:49 Software Distribution Service 3.0
25-02-2013 07:32:55 Software Distribution Service 3.0
26-02-2013 00:49:34 Software Distribution Service 3.0
26-02-2013 07:31:56 Software Distribution Service 3.0
27-02-2013 07:42:02 System Checkpoint
27-02-2013 08:05:53 Software Distribution Service 3.0
28-02-2013 02:50:21 Software Distribution Service 3.0
28-02-2013 08:06:12 Software Distribution Service 3.0
01-03-2013 02:49:58 Software Distribution Service 3.0
01-03-2013 08:05:41 Software Distribution Service 3.0
02-03-2013 02:51:59 Software Distribution Service 3.0
03-03-2013 02:50:06 Software Distribution Service 3.0
03-03-2013 08:06:15 Software Distribution Service 3.0
04-03-2013 02:50:06 Software Distribution Service 3.0
04-03-2013 08:20:30 Software Distribution Service 3.0
05-03-2013 07:16:11 Software Distribution Service 3.0
06-03-2013 07:16:11 Software Distribution Service 3.0
07-03-2013 07:17:38 Software Distribution Service 3.0
08-03-2013 07:14:42 Software Distribution Service 3.0
09-03-2013 07:15:37 Software Distribution Service 3.0
09-03-2013 08:20:20 Software Distribution Service 3.0
10-03-2013 07:15:48 Software Distribution Service 3.0
11-03-2013 07:24:13 Software Distribution Service 3.0
12-03-2013 01:04:02 Software Distribution Service 3.0
13-03-2013 01:37:29 System Checkpoint
13-03-2013 06:51:30 Software Distribution Service 3.0
13-03-2013 22:26:17 Software Distribution Service 3.0
14-03-2013 06:49:41 Software Distribution Service 3.0
14-03-2013 08:00:21 Software Distribution Service 3.0
15-03-2013 06:59:02 Software Distribution Service 3.0
16-03-2013 06:59:14 Software Distribution Service 3.0
16-03-2013 13:03:27 Software Distribution Service 3.0
17-03-2013 05:32:20 Unsigned driver install
17-03-2013 06:59:00 Software Distribution Service 3.0
17-03-2013 13:03:16 Software Distribution Service 3.0
18-03-2013 06:59:20 Software Distribution Service 3.0
18-03-2013 13:04:40 Software Distribution Service 3.0
19-03-2013 06:58:15 Software Distribution Service 3.0
19-03-2013 13:03:26 Software Distribution Service 3.0
20-03-2013 06:59:46 Software Distribution Service 3.0
20-03-2013 13:04:52 Software Distribution Service 3.0
21-03-2013 06:59:16 Software Distribution Service 3.0
21-03-2013 13:03:18 Software Distribution Service 3.0
22-03-2013 04:33:24 Software Distribution Service 3.0
22-03-2013 04:57:34 Software Distribution Service 3.0
22-03-2013 07:23:28 Software Distribution Service 3.0
22-03-2013 18:23:07 Removed Microsoft WSE 3.0 Runtime
22-03-2013 18:26:49 Removed WinZip 17.0
23-03-2013 00:05:38 Installed Strongvault Online Backup
23-03-2013 00:07:37 Removed Strongvault Online Backup
23-03-2013 00:07:53 Removed Strongvault Online Backup
23-03-2013 07:06:25 Software Distribution Service 3.0
23-03-2013 22:57:23 Software Distribution Service 3.0
24-03-2013 07:04:51 Software Distribution Service 3.0
24-03-2013 22:57:09 Software Distribution Service 3.0
25-03-2013 02:23:04 Installed TI Connect 1.6
25-03-2013 07:03:21 Software Distribution Service 3.0
26-03-2013 02:24:13 Software Distribution Service 3.0
26-03-2013 07:02:15 Software Distribution Service 3.0
27-03-2013 02:20:41 Software Distribution Service 3.0
27-03-2013 07:04:05 Software Distribution Service 3.0
27-03-2013 08:00:19 Software Distribution Service 3.0
28-03-2013 01:07:14 Removed TI Connect 1.6
28-03-2013 02:19:22 Software Distribution Service 3.0
28-03-2013 07:02:12 Software Distribution Service 3.0
29-03-2013 02:18:09 Software Distribution Service 3.0
29-03-2013 07:02:13 Software Distribution Service 3.0
30-03-2013 06:49:14 Software Distribution Service 3.0
31-03-2013 07:06:25 Software Distribution Service 3.0
31-03-2013 22:46:02 Software Distribution Service 3.0
01-04-2013 23:26:46 System Checkpoint
02-04-2013 12:32:36 Software Distribution Service 3.0
03-04-2013 06:43:56 Software Distribution Service 3.0
03-04-2013 12:30:31 Software Distribution Service 3.0
04-04-2013 12:38:55 System Checkpoint
05-04-2013 07:23:53 Software Distribution Service 3.0
05-04-2013 11:48:13 Software Distribution Service 3.0
06-04-2013 07:23:17 Software Distribution Service 3.0
06-04-2013 11:43:49 Software Distribution Service 3.0
07-04-2013 07:23:06 Software Distribution Service 3.0
08-04-2013 07:23:03 Software Distribution Service 3.0
08-04-2013 11:41:31 Software Distribution Service 3.0
09-04-2013 07:23:07 Software Distribution Service 3.0
09-04-2013 11:42:10 Software Distribution Service 3.0
09-04-2013 23:11:49 Removed AVG PC TuneUp
09-04-2013 23:12:55 Removed AVG PC TuneUp Language Pack (en-US)
10-04-2013 07:23:03 Software Distribution Service 3.0
10-04-2013 11:42:23 Software Distribution Service 3.0
11-04-2013 07:21:53 Software Distribution Service 3.0
11-04-2013 08:00:24 Software Distribution Service 3.0
12-04-2013 07:25:37 Software Distribution Service 3.0
12-04-2013 08:00:20 Software Distribution Service 3.0
12-04-2013 13:34:29 Software Distribution Service 3.0
13-04-2013 07:25:18 Software Distribution Service 3.0
13-04-2013 13:33:48 Software Distribution Service 3.0
14-04-2013 07:26:23 Software Distribution Service 3.0
14-04-2013 13:33:54 Software Distribution Service 3.0
15-04-2013 07:25:33 Software Distribution Service 3.0
15-04-2013 13:35:19 Software Distribution Service 3.0
16-04-2013 07:26:00 Software Distribution Service 3.0
17-04-2013 13:03:14 Software Distribution Service 3.0
18-04-2013 06:46:43 Software Distribution Service 3.0
18-04-2013 13:04:36 Software Distribution Service 3.0
19-04-2013 06:50:28 Software Distribution Service 3.0
19-04-2013 14:24:04 Software Distribution Service 3.0
20-04-2013 06:50:01 Software Distribution Service 3.0
20-04-2013 14:23:01 Software Distribution Service 3.0
21-04-2013 07:11:21 Software Distribution Service 3.0
22-04-2013 02:12:09 Software Distribution Service 3.0
22-04-2013 07:10:41 Software Distribution Service 3.0
23-04-2013 02:13:02 Software Distribution Service 3.0
24-04-2013 05:04:21 System Checkpoint
24-04-2013 06:57:19 Software Distribution Service 3.0
24-04-2013 13:04:18 Software Distribution Service 3.0
25-04-2013 06:55:50 Software Distribution Service 3.0
25-04-2013 13:01:25 Software Distribution Service 3.0
26-04-2013 06:57:14 Software Distribution Service 3.0
26-04-2013 13:02:49 Software Distribution Service 3.0
27-04-2013 06:56:59 Software Distribution Service 3.0
27-04-2013 13:02:35 Software Distribution Service 3.0
28-04-2013 06:57:07 Software Distribution Service 3.0
28-04-2013 13:02:40 Software Distribution Service 3.0
28-04-2013 20:00:17 Installed Strongvault Online Backup
28-04-2013 20:37:23 Removed MSXML 6.0 Parser
28-04-2013 20:38:13 Removed Strongvault Online Backup
28-04-2013 20:38:40 Removed Strongvault Online Backup
29-04-2013 06:41:21 Software Distribution Service 3.0
29-04-2013 08:00:17 Software Distribution Service 3.0
29-04-2013 20:58:38 Software Distribution Service 3.0
30-04-2013 06:41:10 Software Distribution Service 3.0
30-04-2013 08:00:21 Software Distribution Service 3.0
30-04-2013 22:53:43 Software Distribution Service 3.0
01-05-2013 07:21:05 Software Distribution Service 3.0
01-05-2013 15:32:44 Software Distribution Service 3.0
01-05-2013 16:50:20 wed may 1-2013 restore point
01-05-2013 16:56:15 Restore Operation
01-05-2013 17:02:49 Software Distribution Service 3.0
01-05-2013 17:31:06 Restore Operation
01-05-2013 17:37:20 Software Distribution Service 3.0
02-05-2013 07:00:25 Software Distribution Service 3.0
02-05-2013 08:00:34 Software Distribution Service 3.0
02-05-2013 17:41:04 Restore Operation
02-05-2013 17:46:35 Software Distribution Service 3.0
02-05-2013 18:03:57 Software Distribution Service 3.0
03-05-2013 06:57:47 Software Distribution Service 3.0
03-05-2013 08:00:47 Software Distribution Service 3.0
03-05-2013 17:57:19 Software Distribution Service 3.0
04-05-2013 06:57:03 Software Distribution Service 3.0
04-05-2013 08:00:22 Software Distribution Service 3.0
04-05-2013 17:57:01 Software Distribution Service 3.0
05-05-2013 06:58:03 Software Distribution Service 3.0
05-05-2013 08:00:22 Software Distribution Service 3.0
05-05-2013 17:58:09 Software Distribution Service 3.0
06-05-2013 06:56:37 Software Distribution Service 3.0
06-05-2013 08:00:23 Software Distribution Service 3.0
06-05-2013 17:56:59 Software Distribution Service 3.0
07-05-2013 06:57:19 Software Distribution Service 3.0
07-05-2013 08:00:22 Software Distribution Service 3.0
07-05-2013 17:57:04 Software Distribution Service 3.0
08-05-2013 06:57:29 Software Distribution Service 3.0
08-05-2013 08:00:22 Software Distribution Service 3.0
08-04-2013 16:47:13 System Checkpoint
09-04-2013 17:57:12 Software Distribution Service 3.0
09-04-2013 22:41:53 Installed Strongvault Online Backup
09-04-2013 23:01:24 Removed Strongvault Online Backup
09-04-2013 23:01:44 Removed Strongvault Online Backup
09-04-2013 23:13:56 Software Distribution Service 3.0
10-04-2013 01:40:59 Installed Strongvault Online Backup
10-04-2013 01:50:18 Software Distribution Service 3.0
10-04-2013 02:09:31 Removed Strongvault Online Backup
10-04-2013 02:10:29 Removed Strongvault Online Backup
10-04-2013 03:11:00 Software Distribution Service 3.0
10-04-2013 04:59:27 Software Distribution Service 3.0
10-04-2013 06:49:16 Software Distribution Service 3.0
10-04-2013 08:00:20 Software Distribution Service 3.0
11-04-2013 03:06:38 Software Distribution Service 3.0
11-04-2013 03:26:00 Software Distribution Service 3.0
11-04-2013 06:32:29 Software Distribution Service 3.0
11-04-2013 08:00:50 Software Distribution Service 3.0
11-04-2013 16:23:13 Software Distribution Service 3.0
12-04-2013 02:21:18 Software Distribution Service 3.0
12-04-2013 06:33:24 Software Distribution Service 3.0
12-04-2013 08:00:21 Software Distribution Service 3.0
12-04-2013 22:49:45 Software Distribution Service 3.0
13-04-2013 06:03:14 Software Distribution Service 3.0
14-05-2013 06:29:33 Software Distribution Service 3.0
14-05-2013 13:24:16 Software Distribution Service 3.0
14-05-2013 14:08:23 Software Distribution Service 3.0
15-05-2013 06:18:51 Software Distribution Service 3.0
16-05-2013 07:18:47 Software Distribution Service 3.0
16-05-2013 08:00:33 Software Distribution Service 3.0
16-05-2013 13:39:02 Software Distribution Service 3.0
17-05-2013 07:13:16 Software Distribution Service 3.0
17-05-2013 08:00:22 Software Distribution Service 3.0
17-05-2013 13:37:50 Software Distribution Service 3.0
18-05-2013 07:12:52 Software Distribution Service 3.0
18-05-2013 08:00:23 Software Distribution Service 3.0
18-05-2013 13:39:57 Software Distribution Service 3.0
19-05-2013 07:12:28 Software Distribution Service 3.0
19-05-2013 08:00:22 Software Distribution Service 3.0
19-05-2013 13:39:53 Software Distribution Service 3.0
20-05-2013 07:12:42 Software Distribution Service 3.0
20-05-2013 08:00:21 Software Distribution Service 3.0
20-05-2013 13:39:56 Software Distribution Service 3.0
21-05-2013 05:15:29 before combofix download
21-05-2013 08:00:26 Software Distribution Service 3.0
21-05-2013 13:42:57 Software Distribution Service 3.0
22-05-2013 03:31:02 before combofix download take 2
22-05-2013 07:05:12 Software Distribution Service 3.0
22-05-2013 08:00:22 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2013 10:05:24 PM) (Source: Application Hang) (User: )
Description: Hanging application OTL.exe, version 3.2.69.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/22/2013 03:14:14 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2656351' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\KB2656351_20130522_030033187-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (05/22/2013 01:41:38 AM) (Source: Application Hang) (User: )
Description: Fault bucket -1117197148.

Error: (05/22/2013 01:41:27 AM) (Source: Application Hang) (User: )
Description: Hanging application OTL.exe, version 3.2.69.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/22/2013 01:35:16 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/22/2013 01:33:47 AM) (Source: Application Hang) (User: )
Description: Fault bucket -1117197148.

Error: (05/22/2013 01:33:45 AM) (Source: Application Hang) (User: )
Description: Hanging application OTL.exe, version 3.2.69.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/21/2013 11:24:36 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (05/21/2013 11:23:53 PM) (Source: Application Error) (User: )
Description: Fault bucket -1173431414.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/21/2013 11:22:13 PM) (Source: Application Error) (User: )
Description: Faulting application rndlresolversvc.exe, version 0.0.0.0, faulting module rndlresolversvc.exe, version 0.0.0.0, fault address 0x00003035.
Processing media-specific event for [rndlresolversvc.exe!ws!]


System errors:
=============
Error: (05/22/2013 09:58:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm

Error: (05/22/2013 03:15:41 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

Error: (05/22/2013 00:37:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm

Error: (05/21/2013 11:23:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm

Error: (05/21/2013 11:00:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm

Error: (05/21/2013 11:00:05 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 8 service failed to start due to the following error:
%%1053

Error: (05/21/2013 11:00:05 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the TeamViewer 8 service to connect.

Error: (05/21/2013 03:17:31 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

Error: (05/20/2013 03:14:45 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).

Error: (05/19/2013 03:15:58 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656351).


Microsoft Office Sessions:
=========================
Error: (05/22/2013 10:05:24 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0hungapp0.0.0.000000000

Error: (05/22/2013 03:14:14 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4 Client ProfileKB26563511603C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\KB2656351_20130522_030033187-Microsoft .NET Framework 4 Client Profile-MSP0.txt

Error: (05/22/2013 01:41:38 AM) (Source: Application Hang)(User: )
Description: -1117197148

Error: (05/22/2013 01:41:27 AM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0hungapp0.0.0.000000000

Error: (05/22/2013 01:35:16 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (05/22/2013 01:33:47 AM) (Source: Application Hang)(User: )
Description: -1117197148

Error: (05/22/2013 01:33:45 AM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0hungapp0.0.0.000000000

Error: (05/21/2013 11:24:36 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (05/21/2013 11:23:53 PM) (Source: Application Error)(User: )
Description: -1173431414

Error: (05/21/2013 11:22:13 PM) (Source: Application Error)(User: )
Description: rndlresolversvc.exe0.0.0.0rndlresolversvc.exe0.0.0.000003035


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 1917.57 MB
Available physical RAM: 970.18 MB
Total Pagefile: 3107.04 MB
Available Pagefile: 2220.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:186.35 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP PS6520) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS
Drive e: () (Fixed) (Total:186.31 GB) (Free:28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (USB20FD) (Removable) (Total:14.92 GB) (Free:6.35 GB) FAT32
Drive k: (USB20FD) (Removable) (Total:14.92 GB) (Free:7.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186 GB) (Disk ID: EDAAEDAA)
Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 14CB14CB)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 15 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 7 (Size: 15 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-05-2013 02
Ran by Mom and Dad at 2013-05-22 22:41:41 Run:1
Running from C:\Documents and Settings\Mom and Dad\Desktop
Boot Mode: Normal

==============================================

HKLM => Group Policy Restriction on software restored successfully.
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series.lnk -> (No File) not found.
HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key deleted successfully.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
Abiosdsk => Service deleted successfully.
Atdisk => Service deleted successfully.
catchme => Service deleted successfully.
Changer => Service deleted successfully.
ctxusbm => Service deleted successfully.
lbrtfdc => Service deleted successfully.
PCIDump => Service deleted successfully.
PDCOMP => Service deleted successfully.
PDFRAME => Service deleted successfully.
PDRELI => Service deleted successfully.
PDRFRAME => Service deleted successfully.
Simbad => Service deleted successfully.
WDICA => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Windows\Tasks\At6.job => Moved successfully.
C:\Windows\Tasks\At7.job => Moved successfully.
C:\Windows\Tasks\At8.job => Moved successfully.

==== End of Fixlog ====
 
How is the computer doing?

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
It seems like the pop ads are worse than ever.


Here is the Security check log

Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 33
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

Here is the FSS log

Farbar Service Scanner Version: 14-04-2013
Ran by Mom and Dad (administrator) on 22-05-2013 at 23:20:41
Running from "C:\Documents and Settings\Mom and Dad\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


I tried several times to run the Temp File Cleaner, but each time, while it was stopping all the processes, it would quit responding and I would have to do a hard reboot.

Here is the ESET log

C:\Documents and Settings\Mom and Dad\My Documents\Downloads\Driver_Wizard.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP959\A0084824.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
E:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
E:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\gfqnoxh4.default\extensions\plugin@yontoo.com.xpi Win32/Adware.Yontoo application deleted - quarantined
E:\Documents and Settings\Mom\Local Settings\Temp\air72.exe multiple threats cleaned by deleting - quarantined
E:\Documents and Settings\Mom\Local Settings\Temp\air7D.exe multiple threats cleaned by deleting - quarantined
E:\Documents and Settings\Mom\Local Settings\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
E:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
 
I did the FixIt for Internet Explorer and it seems to have fixed it. Before I was getting random underlined words that if you hovered over them there was an ad. Now I don't seem to be getting that. Also I was getting all these ads that said they were not from this site and they seem to be gone too.

What do I need to do to reset Firefox?
 
Reset Firefox, but I still have the problems that I mentioned. Random underlined words that if you hover over there is an ad and ads that are all over the place and flashing.
 
Didn't make a difference.

When I uninstalled, did I need to make the selection to "Remove my Firefox personal data and customizations"? I did not do this because I didn't want to lose all of my bookmarks.
 
Yes, I am. I just haven't had time to sit down at the computer for a few days. And tomorrow I am going out of town for work for a few days. I will be able to work on this on Saturday. I will post then. Thanks and sorry for being so slow. I really appreciate your time and help.
 
I uninstalled everything on Firefox and then re-installed and I still have the random underlined words that will pop up ads. Also, on Internet Explorer, I had this problem start again so I re-ran the FixIt. I think it resolved it.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in the malware removal forum.
 