Solved Virus spotted on computer

Ahiggins

Posts: 44   +0
I posted a topic a week or two ago about a problem I had with malware on my computer, but yesterday a different computer in the house appears to have been infected with a virus of some sort. Here are the logs:

Malware Bytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Judy :: JUDY-PC [administrator]

6/18/2012 8:38:24 PM
mbam-log-2012-06-18 (21-37-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240416
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> No action taken.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> No action taken.

Folders Detected: 1
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.

Files Detected: 2
C:\Users\Judy\AppData\Local\Temp\0.6814292786207503.exe (Exploit.Drop.2) -> No action taken.
C:\Users\Judy\AppData\Local\Temp\0.614036174061378.exe (Exploit.Drop.2) -> No action taken.

(end)
GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-19 00:51:43
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000061 ST332081 rev.SD23
Running: c4963hmu.exe; Driver: C:\Users\Judy\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8205C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82081092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741724FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7415565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74155719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74172575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741685D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74164D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74165134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74165209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74166736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74168330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7416887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741690E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7416E283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74164CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[1944] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E1DF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}\InProcServer32@fbnghjoapccondnmhenjkjhaipedmnhihppjmnccnlja 0x61 0x65 0x63 0x6D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}\InProcServer32@hbnghjoapccondnmhenjkjhaipedmnhihppjmnccnllnjmfi 0x62 0x61 0x6B 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}@gbimbjdckkappahaogngbjjcehooccjpkndbjjaiheefke 0x62 0x61 0x6B 0x68 ...
---- EOF - GMER 1.0.15 ----
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Judy at 16:40:12 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.2061 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0807&m=el1310
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0807&m=el1310
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0807&m=el1310
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [hIxvqiEONcrb.exe] c:\programdata\hIxvqiEONcrb.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mExplorerRun: [ukl] c:\programdata\uklpr\wmpusrvc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://iepdirect.neric.org/ScriptX_6_5/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} - hxxp://sbpub1.neric.org/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03AE7B1F-1569-470C-A453-C84DA62D1459} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03AE7B1F-1569-470C-A453-C84DA62D1459}\E454750295F425B402F4E454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8A9D0914-6453-4D1A-85C2-A5CC6AD2BA00} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DC4F88EC-56A9-4225-8903-4B4D589A4CBC} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\judy\appdata\roaming\mozilla\firefox\profiles\ii2k5147.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbe3293&v=6.010.006.004&I=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192cu.sys [2012-2-4 728064]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-18 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-18 337880]
S1 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-18 20696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-18 57688]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-18 44768]
S2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-9-10 3210176]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca3a335d6f79b7;Google Update Service (gupdate1ca3a335d6f79b7);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-7-8 239648]
S2 WirelessUSB;WirelessUSB;c:\program files\cnet\wireless lan driver and utility\RtlService.exe [2012-2-4 36864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-6 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 603240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
.
=============== Created Last 30 ================
.
2012-06-18 22:51:34--------d-----w-c:\users\judy\appdata\roaming\Malwarebytes
2012-06-18 22:51:29--------d-----w-c:\programdata\Malwarebytes
2012-06-18 22:51:2822344----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-18 22:51:28--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-06-18 22:49:3944376----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-06-18 22:49:38612184----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-06-18 22:49:3757688----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-06-18 22:49:3141184----a-w-c:\windows\avastSS.scr
2012-06-18 22:49:21--------d-----w-c:\programdata\AVAST Software
2012-06-18 22:49:21--------d-----w-c:\program files\AVAST Software
2012-06-18 22:16:44346760----a-w-c:\programdata\hIxvqiEONcrb.exe
2012-06-13 22:02:44737072----a-w-c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-13 22:02:284283672----a-w-c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2012-06-13 22:02:1642776----a-w-c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2012-06-13 22:01:55539984----a-w-c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2012-06-13 21:16:53--------d-----w-c:\program files\Epson Software
2012-06-12 22:23:565120----a-w-c:\windows\system32\wmi.dll
2012-06-12 22:23:5619312----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-06-12 22:23:56172544----a-w-c:\windows\system32\wintrust.dll
2012-06-12 22:23:56158720----a-w-c:\windows\system32\imagehlp.dll
2012-06-12 22:15:26139264----a-w-c:\windows\system32\cryptsvc.dll
2012-06-12 22:15:261156608----a-w-c:\windows\system32\crypt32.dll
2012-06-12 22:15:26103936----a-w-c:\windows\system32\cryptnet.dll
.
==================== Find3M ====================
.
2012-05-17 22:45:371800192----a-w-c:\windows\system32\jscript9.dll
2012-05-17 22:35:471129472----a-w-c:\windows\system32\wininet.dll
2012-05-17 22:35:391427968----a-w-c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45142848----a-w-c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:452382848----a-w-c:\windows\system32\mshtml.tlb
2012-05-15 01:12:092342400----a-w-c:\windows\system32\win32k.sys
2012-05-06 22:56:0470304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 22:56:04419488----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-05-02 04:52:09163328----a-w-c:\windows\system32\profsvc.dll
2012-04-28 03:19:47177152----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:48:5257856----a-w-c:\windows\system32\rdpwsx.dll
2012-04-26 04:48:52129536----a-w-c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:43:148192----a-w-c:\windows\system32\rdrmemptylst.exe
2012-04-19 00:56:3094208----a-w-c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:3069632----a-w-c:\windows\system32\QuickTime.qts
2012-04-07 11:34:372342400----a-w-c:\windows\system32\msi.dll
2012-04-02 04:46:443958128----a-w-c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46:443902320----a-w-c:\windows\system32\ntoskrnl.exe
2012-03-30 10:29:051287024----a-w-c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 16:42:12.43 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2009 10:44:31 PM
System Uptime: 6/19/2012 4:37:07 PM (0 hours ago)
.
Motherboard: eMachines | | WMCP78M
Processor: AMD Athlon(tm) Processor LE-1640 | Socket AM2 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 224.984 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&18018E29&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&18018E29&0
Service: i8042prt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP301: 5/7/2012 6:45:47 AM - Scheduled Checkpoint
RP302: 5/14/2012 6:52:59 AM - Scheduled Checkpoint
RP303: 5/21/2012 6:32:27 PM - Scheduled Checkpoint
RP304: 5/29/2012 8:37:53 AM - Scheduled Checkpoint
RP305: 6/5/2012 7:04:32 PM - Scheduled Checkpoint
RP306: 6/12/2012 6:19:13 PM - Windows Update
RP308: 6/13/2012 5:08:57 PM - Installed InstallShield Restore Point
RP310: 6/13/2012 5:13:24 PM - Removed EPSON Scan Assistant
RP312: 6/13/2012 5:14:41 PM - Removed Attach To Email
RP314: 6/13/2012 5:15:59 PM - Removed Epson Event Manager
RP316: 6/13/2012 5:18:11 PM - Installed EPSON Perfection V30/V300 Photo Scanner Driver Update
RP318: 6/13/2012 5:19:25 PM - Installed MediaImpression
RP320: 6/13/2012 5:39:56 PM - Installed InstallShield Restore Point
RP322: 6/13/2012 5:42:34 PM - Installed Epson Event Manager
RP324: 6/13/2012 5:43:53 PM - Installed EPSON Scan Assistant
RP326: 6/13/2012 5:45:18 PM - Installed Attach To Email
RP328: 6/13/2012 5:47:08 PM - Installed EPSON Perfection V30/V300 Photo Scanner Driver Update
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709n
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Agere Systems PCI-SV92EX Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Ask Toolbar
avast! Internet Security
AVG 2011
Belkin USB Wireless Adaptor
Blio
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CNet Wireless LAN Driver and Utility
Compatibility Pack for the 2007 Office system
CyberLink LabelPrint
CyberLink Power2Go
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocMgr
DocProc
eMachines Games
Epson Copy Utility 3.4
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
Fax
Free File Viewer 2010
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPProductAssistant
iCloud
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Nikon Message Center
Norton Internet Security
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Stereoscopic 3D Driver
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
Oracle JInitiator 1.3.1.28
PictureProject
PlayReady PC Runtime x86
ProductContext
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmaiper
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Upgrade Kit
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Word Roots Software A1 Trial
.
==== Event Viewer Messages From Past Week ========
.
6/19/2012 4:40:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 4:39:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/19/2012 4:39:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/19/2012 4:39:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/19/2012 4:39:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/19/2012 4:39:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/19/2012 4:38:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 21
6/19/2012 4:37:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi avgfwfd Avgldx86 Avgmfx86 discache spldr Wanarpv6
6/19/2012 4:37:55 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/19/2012 4:35:19 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/19/2012 4:35:19 PM, Error: Service Control Manager [7038] - The HPSLPSVC service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/19/2012 4:35:19 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
6/19/2012 4:35:19 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
6/19/2012 4:35:19 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
6/19/2012 4:35:19 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not start due to a logon failure.
6/19/2012 4:35:19 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
6/19/2012 4:35:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
6/19/2012 4:35:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
6/19/2012 4:35:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgfwfd
6/19/2012 4:35:08 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.
6/19/2012 4:35:02 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
6/19/2012 4:35:02 PM, Error: Service Control Manager [7000] - The KLPP2Drv service failed to start due to the following error: The system cannot find the path specified.
6/19/2012 3:55:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADAM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{03AE7B1F-1569-470C-A453-C84DA62D14. The master browser is stopping or an election is being forced.
6/18/2012 6:49:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate1ca3a335d6f79b7 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/18/2012 6:49:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/18/2012 6:46:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgfwfd Avgldx86 Avgmfx86 discache spldr Wanarpv6
6/18/2012 6:26:36 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
6/15/2012 4:13:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WirelessUSB service.
6/13/2012 5:21:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================================

Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.

You're running two AV programs, AVG and Avast.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

Next....

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Okay I re-did the Malwarebytes scan, and I quarantined the found issues.

Here are the logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Judy :: JUDY-PC [administrator]

6/19/2012 9:31:11 PM
mbam-log-2012-06-19 (21-31-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240365
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Judy\AppData\Local\Temp\0.6814292786207503.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
C:\Users\Judy\AppData\Local\Temp\0.614036174061378.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

(end)
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-06-2012
Ran by SYSTEM at 20-06-2012 15:45:44
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2005-12-25] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2005-12-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-03-01] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [591696 2008-05-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Guest\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\Guest\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Guest\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Judy\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Judy\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\Judy\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Judy\...\Run: [hIxvqiEONcrb.exe] C:\ProgramData\hIxvqiEONcrb.exe [346760 2012-06-18] ()
HKU\Mike\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Mike\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Mike\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\Mike\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Mike\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1082440 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer\Run: [ukl] C:\ProgramData\uklpr\wmpusrvc.exe [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
================================ Services (Whitelisted) ==================
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 EFS; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556032 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [522752 2009-07-13] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe" [246520 2010-04-16] (WildTangent, Inc.)
2 gupdate1ca3a335d6f79b7; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-09-20] (Google Inc.)
2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation)
2 msiserver; C:\Windows\System32\msiexec.exe /V [73216 2009-07-13] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [9216 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [316928 2010-08-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3179520 2009-07-13] (Microsoft Corporation)
2 Stereo Service; C:\Windows\System32\nvSCPAPISvr.exe [239648 2009-07-08] (NVIDIA Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [452608 2009-07-13] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1025536 2009-07-13] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
2 WirelessUSB; C:\Program Files\CNet\Wireless LAN Driver and Utility\RtlService.exe [36864 2010-04-16] (Realtek)
========================== Drivers (Whitelisted) =============
3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
3 AGERESoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44376 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [30576 2010-01-28] (Microsoft Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x32.sys [347264 2009-07-13] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [287392 2009-06-30] (NVIDIA Corporation)
3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [17920 2009-06-28] (NVIDIA Corporation)
3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [728064 2011-02-10] (Realtek Semiconductor Corporation )
3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [603240 2010-07-08] (Realtek Semiconductor Corporation )
4 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [x]
2 KLPP2Drv; \??\C:\ProgramData\uklpr\klpp2drv.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-06-20 15:45 - 2012-06-20 15:46 - 00000000 ____D C:\FRST
2012-06-20 11:38 - 2012-06-20 11:38 - 00240958 ____A C:\Users\Judy\Desktop\avgremover.log
2012-06-18 14:51 - 2012-06-18 14:51 - 00000000 ____D C:\Users\Judy\AppData\Roaming\Malwarebytes
2012-06-18 14:51 - 2012-06-18 14:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-18 14:51 - 2012-06-18 14:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-18 14:51 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-18 14:49 - 2012-06-18 14:49 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-18 14:49 - 2012-06-18 14:49 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-18 14:49 - 2012-03-06 15:15 - 00201352 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-18 14:49 - 2012-03-06 15:15 - 00041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-18 14:49 - 2012-03-06 15:03 - 00612184 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-18 14:49 - 2012-03-06 15:03 - 00337880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-18 14:49 - 2012-03-06 15:02 - 00044376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-18 14:49 - 2012-03-06 15:01 - 00057688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-18 14:49 - 2012-03-06 15:01 - 00053848 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-18 14:49 - 2012-03-06 15:01 - 00020696 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-18 14:22 - 2012-06-19 11:50 - 00000256 ____A C:\Users\All Users\qTzu2o6AdZ565w
2012-06-18 14:22 - 2012-06-19 11:50 - 00000160 ____A C:\Users\All Users\-qTzu2o6AdZ565wr
2012-06-18 14:22 - 2012-06-19 11:50 - 00000000 ____A C:\Users\All Users\-qTzu2o6AdZ565w
2012-06-18 14:16 - 2012-06-18 14:14 - 00346760 ____A C:\Users\All Users\hIxvqiEONcrb.exe
2012-06-17 11:58 - 2012-06-17 11:58 - 00240640 ____A C:\Users\Judy\Downloads\CCSS Vocab.ppt
2012-06-13 13:23 - 2012-06-13 13:23 - 00000000 ____D C:\Users\Judy\Documents\Fax
2012-06-13 13:16 - 2012-06-13 13:46 - 00000000 ____D C:\Program Files\Epson Software
2012-06-13 12:42 - 2012-06-13 12:42 - 00000000 ____D C:\Users\Judy\Documents\My Scans
2012-06-12 14:27 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 14:27 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 14:27 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 14:27 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 14:27 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 14:27 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 14:27 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 14:27 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 14:27 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 14:27 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 14:27 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 14:27 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 14:27 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 14:27 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 14:23 - 2012-02-29 21:53 - 00019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-12 14:23 - 2012-02-29 21:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-12 14:23 - 2012-02-29 21:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-12 14:23 - 2012-02-29 21:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-12 14:18 - 2012-05-14 17:12 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 14:18 - 2012-05-01 20:52 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 14:18 - 2012-04-27 19:19 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 14:18 - 2012-04-25 20:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 14:18 - 2012-04-25 20:48 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 14:18 - 2012-04-25 20:43 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 14:18 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 14:18 - 2012-04-01 20:46 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-06-12 14:18 - 2012-04-01 20:46 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 14:18 - 2012-03-30 02:29 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-12 14:18 - 2012-03-16 23:20 - 00056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-12 14:18 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-06-12 14:18 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-12 14:18 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-12 14:18 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-06-12 14:18 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-06-12 14:18 - 2012-02-14 21:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-12 14:18 - 2012-02-14 20:22 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-12 14:15 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 14:15 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 14:15 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-05-26 04:22 - 2012-05-26 04:22 - 00004867 ____A C:\Users\Judy\Downloads\01-Apr-2012_to_30-Apr-2012.csv
2012-05-25 13:00 - 2012-05-25 13:00 - 00012091 ____A C:\Users\Judy\Documents\Adam-college costs.xlsx
2012-05-25 06:21 - 2012-05-25 06:21 - 00516136 ____A (Bandoo Media Inc) C:\Users\Judy\Downloads\iLividSetupV1.exe
============ 3 Months Modified Files and Folders ===============
2012-06-20 11:38 - 2012-06-20 11:38 - 00240958 ____A C:\Users\Judy\Desktop\avgremover.log
2012-06-20 11:38 - 2010-10-18 13:12 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-20 05:23 - 2009-12-02 19:07 - 00034492 ____A C:\Windows\PFRO.log
2012-06-20 05:22 - 2010-02-18 12:34 - 00000000 ____D C:\Windows\Minidump
2012-06-19 12:36 - 2009-07-13 20:39 - 50781200 ____A C:\Windows\setupact.log
2012-06-19 12:35 - 2007-08-16 09:35 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-19 12:34 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-19 11:57 - 2009-12-02 19:18 - 01081854 ____A C:\Windows\WindowsUpdate.log
2012-06-19 11:56 - 2012-04-01 03:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-19 11:56 - 2009-12-02 18:52 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-19 11:56 - 2009-12-02 18:52 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-19 11:56 - 2009-09-20 12:56 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-19 11:55 - 2009-12-02 19:29 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-19 11:53 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-06-19 11:52 - 2011-01-10 03:57 - 00000376 ____A C:\Windows\Tasks\Free File Viewer Update Checker.job
2012-06-19 11:50 - 2012-06-18 14:22 - 00000256 ____A C:\Users\All Users\qTzu2o6AdZ565w
2012-06-19 11:50 - 2012-06-18 14:22 - 00000160 ____A C:\Users\All Users\-qTzu2o6AdZ565wr
2012-06-19 11:50 - 2012-06-18 14:22 - 00000000 ____A C:\Users\All Users\-qTzu2o6AdZ565w
2012-06-19 11:48 - 2009-09-20 12:56 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-18 14:51 - 2012-06-18 14:51 - 00000000 ____D C:\Users\Judy\AppData\Roaming\Malwarebytes
2012-06-18 14:51 - 2012-06-18 14:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-18 14:51 - 2012-06-18 14:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-18 14:49 - 2012-06-18 14:49 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-18 14:49 - 2012-06-18 14:49 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-18 14:14 - 2012-06-18 14:16 - 00346760 ____A C:\Users\All Users\hIxvqiEONcrb.exe
2012-06-18 12:29 - 2011-07-01 09:20 - 00000000 ____D C:\Users\Judy\Documents\Outlook Files
2012-06-18 04:18 - 2011-02-22 18:08 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2012-06-17 11:58 - 2012-06-17 11:58 - 00240640 ____A C:\Users\Judy\Downloads\CCSS Vocab.ppt
2012-06-15 07:38 - 2012-01-02 13:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Apple Computer
2012-06-14 13:57 - 2011-02-06 13:37 - 00000020 ____H C:\Users\All Users\PKP_DLec.DAT
2012-06-14 13:56 - 2012-04-20 13:57 - 03184071 ____A C:\Users\Judy\Documents\The Core Knowledge Curriculum.pptx
2012-06-14 12:23 - 2009-09-19 16:47 - 00000000 ____D C:\Users\Judy\AppData\Roaming\ArcSoft
2012-06-13 13:48 - 2009-09-19 17:15 - 00000000 ____D C:\Users\Judy\AppData\Roaming\Epson
2012-06-13 13:46 - 2012-06-13 13:16 - 00000000 ____D C:\Program Files\Epson Software
2012-06-13 13:42 - 2009-09-19 16:21 - 00000000 ____D C:\Program Files\epson
2012-06-13 13:42 - 2009-03-16 23:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-06-13 13:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-13 13:23 - 2012-06-13 13:23 - 00000000 ____D C:\Users\Judy\Documents\Fax
2012-06-13 13:21 - 2010-02-16 11:32 - 00000000 ___HD C:\Config.Msi
2012-06-13 12:42 - 2012-06-13 12:42 - 00000000 ____D C:\Users\Judy\Documents\My Scans
2012-06-13 02:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-13 01:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-13 01:24 - 2009-07-13 20:33 - 00438096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 01:23 - 2011-01-03 17:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-13 01:22 - 2009-07-13 23:49 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-13 01:21 - 2009-03-16 23:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-12 14:35 - 2006-11-02 02:23 - 00000254 ____A C:\Windows\win.ini
2012-06-09 03:46 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-06-03 19:35 - 2009-12-08 14:54 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-03 14:21 - 2012-04-13 08:19 - 00012624 ____A C:\Users\Judy\Documents\clothing Spring 2012.xlsx
2012-05-26 04:22 - 2012-05-26 04:22 - 00004867 ____A C:\Users\Judy\Downloads\01-Apr-2012_to_30-Apr-2012.csv
2012-05-25 13:00 - 2012-05-25 13:00 - 00012091 ____A C:\Users\Judy\Documents\Adam-college costs.xlsx
2012-05-25 06:21 - 2012-05-25 06:21 - 00516136 ____A (Bandoo Media Inc) C:\Users\Judy\Downloads\iLividSetupV1.exe
2012-05-21 13:41 - 2011-04-16 05:23 - 00000000 ____D C:\Program Files\QuickTime
2012-05-17 15:11 - 2012-06-12 14:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-12 14:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-12 14:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-12 14:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-12 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 14:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-12 14:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-12 14:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 14:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-12 14:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-12 14:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 14:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 14:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:12 - 2012-06-12 14:18 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 13:42 - 2012-01-26 15:20 - 00000000 ____D C:\Program Files\Safari
2012-05-10 17:20 - 2012-05-10 17:20 - 00364447 ____A C:\Users\Mike\Desktop\My Abstract 20120510211800.pdf
2012-05-10 17:18 - 2012-05-10 17:18 - 00364447 ____A C:\Users\Mike\Downloads\My Abstract 20120510211800.pdf
2012-05-06 14:56 - 2012-04-01 03:09 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-06 14:56 - 2011-05-14 13:00 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-01 20:52 - 2012-06-12 14:18 - 00163328 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 04:27 - 2012-04-25 13:42 - 00016511 ____A C:\Users\Judy\Documents\CK Sequence K-5.xlsx
2012-04-27 19:19 - 2012-06-12 14:18 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:48 - 2012-06-12 14:18 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:48 - 2012-06-12 14:18 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:43 - 2012-06-12 14:18 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:47 - 2012-06-12 14:15 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:47 - 2012-06-12 14:15 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:47 - 2012-06-12 14:15 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-17 12:44 - 2012-04-17 12:44 - 00741937 ____A C:\Users\Judy\Downloads\2012_Informational_Sessions_Flyer_93_WPWXI.pdf
2012-04-13 02:38 - 2012-04-13 02:38 - 03923016 ____A C:\Users\Judy\Downloads\CK Early Literacy Pilot 3 12 12.pptx
2012-04-12 11:39 - 2012-04-11 07:37 - 00031878 ____A C:\Users\Judy\Documents\Core Knowledge curriculum calendar.xlsx
2012-04-11 03:21 - 2011-06-17 11:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-04-09 10:47 - 2012-01-03 14:18 - 00000000 ___HD C:\Users\Judy\AppData\Local\Apple Computer
2012-04-09 10:47 - 2012-01-03 14:18 - 00000000 ____D C:\Users\Judy\AppData\Roaming\Apple Computer
2012-04-09 10:47 - 2009-09-02 15:24 - 00000000 ___HD C:\Users\Judy\AppData\Local\VirtualStore
2012-04-09 05:50 - 2012-04-09 05:50 - 00001141 ____A C:\Users\Judy\Downloads\01-Feb-2012_to_09-Apr-2012.csv
2012-04-07 03:34 - 2012-06-12 14:18 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 11:56 - 2012-06-18 14:51 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 13:42 - 2012-04-02 13:41 - 00000000 ____D C:\Program Files\iTunes
2012-04-02 13:41 - 2012-04-02 13:41 - 00000000 ____D C:\Program Files\iPod
2012-04-02 13:41 - 2011-04-16 05:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-04-01 20:46 - 2012-06-12 14:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-01 20:46 - 2012-06-12 14:18 - 03902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:29 - 2012-06-12 14:18 - 01287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 2814.55 MB
Available physical RAM: 2390.95 MB
Total Pagefile: 2812.83 MB
Available Pagefile: 2391.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.56 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:285.09 GB) (Free:225.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (PQSERVICE) (Fixed) (Total:13 GB) (Free:5.4 GB) NTFS
6 Drive h: () (Removable) (Total:29.86 GB) (Free:9.35 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 29 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 285 GB 13 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D PQSERVICE NTFS Partition 13 GB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 285 GB Healthy
======================================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 29 GB 0 B
======================================================================================================
Disk: 3
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
======================================================================================================
==========================================================
Last Boot: 2012-06-18 00:15
======================= End Of Log ==========================
 
MBAM log still says "No action taken".
Redo.

Next....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Okay I ran Malwarebytes again, and I hit the fix button, and I looked at the log, and from what I can see I think that found objects were gotten rid of. Here are the logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Judy :: JUDY-PC [administrator]

6/21/2012 10:41:48 AM
mbam-log-2012-06-21 (10-41-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239642
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ComboFix 12-06-21.02 - Judy 06/21/2012 15:20:37.1.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.2253 [GMT -4:00]
Running from: c:\users\Judy\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hIxvqiEONcrb.exe
c:\programdata\qTzu2o6AdZ565w
c:\users\Judy\Documents\~WRL1368.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 19:27 . 2012-06-21 19:27--------d-----w-c:\users\Judy\AppData\Local\temp
2012-06-20 23:45 . 2012-06-20 23:47--------d-----w-C:\FRST
2012-06-18 22:51 . 2012-06-18 22:51--------d-----w-c:\users\Judy\AppData\Roaming\Malwarebytes
2012-06-18 22:51 . 2012-06-18 22:51--------d-----w-c:\programdata\Malwarebytes
2012-06-18 22:51 . 2012-06-18 22:51--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-06-18 22:51 . 2012-04-04 19:5622344----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-18 22:49 . 2012-03-06 23:0120696----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-06-18 22:49 . 2012-03-06 23:03337880----a-w-c:\windows\system32\drivers\aswSP.sys
2012-06-18 22:49 . 2012-03-06 23:0244376----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-06-18 22:49 . 2012-03-06 23:0153848----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-06-18 22:49 . 2012-03-06 23:03612184----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-06-18 22:49 . 2012-03-06 23:0157688----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-06-18 22:49 . 2012-03-06 23:1541184----a-w-c:\windows\avastSS.scr
2012-06-18 22:49 . 2012-03-06 23:15201352----a-w-c:\windows\system32\aswBoot.exe
2012-06-18 22:49 . 2012-06-18 22:49--------d-----w-c:\programdata\AVAST Software
2012-06-18 22:49 . 2012-06-18 22:49--------d-----w-c:\program files\AVAST Software
2012-06-13 22:02 . 2012-06-13 22:02737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-13 22:02 . 2012-06-13 22:024283672----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-13 22:02 . 2012-06-13 22:0242776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-13 22:01 . 2012-06-13 22:01539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-13 21:16 . 2012-06-13 21:46--------d-----w-c:\program files\Epson Software
2012-06-12 22:23 . 2012-03-01 05:5319312----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-06-12 22:23 . 2012-03-01 05:49172544----a-w-c:\windows\system32\wintrust.dll
2012-06-12 22:23 . 2012-03-01 05:45158720----a-w-c:\windows\system32\imagehlp.dll
2012-06-12 22:23 . 2012-03-01 05:405120----a-w-c:\windows\system32\wmi.dll
2012-06-12 22:15 . 2012-04-24 04:47139264----a-w-c:\windows\system32\cryptsvc.dll
2012-06-12 22:15 . 2012-04-24 04:47103936----a-w-c:\windows\system32\cryptnet.dll
2012-06-12 22:15 . 2012-04-24 04:471156608----a-w-c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 22:56 . 2012-04-01 11:09419488----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:56 . 2011-05-14 21:0070304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56 . 2012-04-19 00:5694208----a-w-c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:5669632----a-w-c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 00:20279944----a-w-c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15123536----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2005-12-25 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2005-12-25 1833504]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2011-2-6 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
R2 gupdate1ca3a335d6f79b7;Google Update Service (gupdate1ca3a335d6f79b7);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 KLPP2Drv;KLPP2Drv;c:\programdata\uklpr\klpp2drv.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-07-08 239648]
R2 WirelessUSB;WirelessUSB;c:\program files\CNet\Wireless LAN Driver and Utility\RtlService.exe [2010-04-16 36864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 603240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 728064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPServiceREG_MULTI_SZ HPSLPSVC
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:56]
.
2012-06-19 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-10 16:25]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 20:45]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0807&m=el1310
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} - hxxp://sbpub1.neric.org/forms/jinitiator/jinit.exe
FF - ProfilePath - c:\users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\ii2k5147.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbe3293&v=6.010.006.004&I=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-hIxvqiEONcrb.exe - c:\programdata\hIxvqiEONcrb.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2291824006-2209109356-2683878418-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}*]
"gbimbjdckkappahaogngbjjcehooccjpkndbjjaiheefke"=hex:62,61,6b,68,00,5d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}\InProcServer32*]
"fbnghjoapccondnmhenjkjhaipedmnhihppjmnccnlja"=hex:61,65,63,6d,6f,6f,70,62,6c,
64,70,61,64,61,65,66,6a,6c,63,6d,64,6d,67,6a,67,6a,63,69,64,69,68,64,70,69,\
"hbnghjoapccondnmhenjkjhaipedmnhihppjmnccnllnjmfi"=hex:62,61,6b,68,00,5d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-21 15:29:47
ComboFix-quarantined-files.txt 2012-06-21 19:29
.
Pre-Run: 242,278,768,640 bytes free
Post-Run: 243,495,960,576 bytes free
.
- - End Of File - - C07C2FA963A01C63907EA5CF3503EB9D
 
Uninstall Ask Toolbar, typical foistware.

Then...

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RegNull::
[HKEY_USERS\S-1-5-21-2291824006-2209109356-2683878418-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44131C6E-C08D-D7AE-83C1-BEF0C6BDCC4E}\InProcServer32*]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Okay, combofix log here:

ComboFix 12-06-21.02 - Judy 06/22/2012 15:04:07.2.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.2038 [GMT -4:00]
Running from: c:\users\Judy\Desktop\ComboFix.exe
Command switches used :: c:\users\Judy\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 19:08 . 2012-06-22 19:08--------d-----w-c:\users\Judy\AppData\Local\temp
2012-06-22 19:08 . 2012-06-22 19:08--------d-----w-c:\users\Mike\AppData\Local\temp
2012-06-22 19:08 . 2012-06-22 19:08--------d-----w-c:\users\Guest\AppData\Local\temp
2012-06-22 19:08 . 2012-06-22 19:08--------d-----w-c:\users\Default\AppData\Local\temp
2012-06-20 23:45 . 2012-06-20 23:47--------d-----w-C:\FRST
2012-06-18 22:51 . 2012-06-18 22:51--------d-----w-c:\users\Judy\AppData\Roaming\Malwarebytes
2012-06-18 22:51 . 2012-06-18 22:51--------d-----w-c:\programdata\Malwarebytes
2012-06-18 22:51 . 2012-06-18 22:51--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-06-18 22:51 . 2012-04-04 19:5622344----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-18 22:49 . 2012-03-06 23:0120696----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-06-18 22:49 . 2012-03-06 23:03337880----a-w-c:\windows\system32\drivers\aswSP.sys
2012-06-18 22:49 . 2012-03-06 23:0244376----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-06-18 22:49 . 2012-03-06 23:0153848----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-06-18 22:49 . 2012-03-06 23:03612184----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-06-18 22:49 . 2012-03-06 23:0157688----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-06-18 22:49 . 2012-03-06 23:1541184----a-w-c:\windows\avastSS.scr
2012-06-18 22:49 . 2012-03-06 23:15201352----a-w-c:\windows\system32\aswBoot.exe
2012-06-18 22:49 . 2012-06-18 22:49--------d-----w-c:\programdata\AVAST Software
2012-06-18 22:49 . 2012-06-18 22:49--------d-----w-c:\program files\AVAST Software
2012-06-13 22:02 . 2012-06-13 22:02737072----a-w-c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-13 22:02 . 2012-06-13 22:024283672----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-13 22:02 . 2012-06-13 22:0242776----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-13 22:01 . 2012-06-13 22:01539984----a-w-c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-13 21:16 . 2012-06-13 21:46--------d-----w-c:\program files\Epson Software
2012-06-12 22:23 . 2012-03-01 05:5319312----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-06-12 22:23 . 2012-03-01 05:49172544----a-w-c:\windows\system32\wintrust.dll
2012-06-12 22:23 . 2012-03-01 05:45158720----a-w-c:\windows\system32\imagehlp.dll
2012-06-12 22:23 . 2012-03-01 05:405120----a-w-c:\windows\system32\wmi.dll
2012-06-12 22:15 . 2012-04-24 04:47139264----a-w-c:\windows\system32\cryptsvc.dll
2012-06-12 22:15 . 2012-04-24 04:47103936----a-w-c:\windows\system32\cryptnet.dll
2012-06-12 22:15 . 2012-04-24 04:471156608----a-w-c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 22:56 . 2012-04-01 11:09419488----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-05-06 22:56 . 2011-05-14 21:0070304----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56 . 2012-04-19 00:5694208----a-w-c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:5669632----a-w-c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15123536----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2005-12-25 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2005-12-25 1833504]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
R2 gupdate1ca3a335d6f79b7;Google Update Service (gupdate1ca3a335d6f79b7);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 KLPP2Drv;KLPP2Drv;c:\programdata\uklpr\klpp2drv.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-07-08 239648]
R2 WirelessUSB;WirelessUSB;c:\program files\CNet\Wireless LAN Driver and Utility\RtlService.exe [2010-04-16 36864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 603240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 728064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPServiceREG_MULTI_SZ HPSLPSVC
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:56]
.
2012-06-19 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-10 16:25]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 20:45]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0807&m=el1310
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} - hxxp://sbpub1.neric.org/forms/jinitiator/jinit.exe
FF - ProfilePath - c:\users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\ii2k5147.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbe3293&v=6.010.006.004&I=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-22 15:10:29
ComboFix-quarantined-files.txt 2012-06-22 19:10
ComboFix2.txt 2012-06-21 19:29
.
Pre-Run: 243,550,994,432 bytes free
Post-Run: 243,529,080,832 bytes free
.
- - End Of File - - 08BEEDC5A9D5082B4258A223883F2314
 
Looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The computer seems to be running better now, here are the logs:

OTL logfile created on: 6/22/2012 10:52:08 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Judy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 60.29% Memory free
5.50 Gb Paging File | 4.32 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 226.83 Gb Free Space | 79.57% Space Free | Partition Type: NTFS

Computer Name: JUDY-PC | User Name: Judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 22:50:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/24 11:12:50 | 001,216,512 | ---- | M] () -- C:\Program Files\CNet\Wireless LAN Driver and Utility\RtWLan.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/11 17:12:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\CNet\Wireless LAN Driver and Utility\RtlService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 10:40:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvSCPAPISvr.exe
PRC - [2008/05/07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/06 18:56:04 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/11 17:12:10 | 001,016,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 18:56:15 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/16 19:09:06 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\CNet\Wireless LAN Driver and Utility\RtlService.exe -- (WirelessUSB)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 04:01:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 10:40:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvSCPAPISvr.exe -- (Stereo Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\ProgramData\uklpr\klpp2drv.sys -- (KLPP2Drv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Judy\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/10 06:35:44 | 000,728,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2010/07/08 16:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/01/29 02:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/01/12 13:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/21 21:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/01 00:20:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/06/30 05:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/06/28 12:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/10 18:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0807&m=el1310
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACEW


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\SearchScopes,DefaultScope = {E61FD094-BB00-44CF-9F2A-E7F338DC50EC}
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\SearchScopes\{30C582EC-7DE3-42DD-9043-1C9AECBF1F02}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GV2
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\SearchScopes\{E61FD094-BB00-44CF-9F2A-E7F338DC50EC}: "URL" = http://www.google.com/search?q={sea...coding}&sourceid=ie7&rlz=1I7ACEW_enUS343US343
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbe3293&v=6.010.006.004&I=26&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 15:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/21 17:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/21 17:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 15:39:00 | 000,000,000 | ---D | M]

[2010/09/02 11:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judy\AppData\Roaming\Mozilla\Extensions
[2012/01/05 18:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\ii2k5147.default\extensions
[2011/05/06 11:04:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\ii2k5147.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/05 18:29:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\ii2k5147.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/20 19:47:26 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\ii2k5147.default\extensions\canitbecheaper@trafficbroker.co.uk
[2011/08/28 09:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/13 15:49:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/22 18:38:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/21 17:36:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 19:04:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/02/16 15:39:00 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/09/28 05:45:46 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13128.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Oracle JInitiator (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPJinit13128.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/06/22 15:08:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://iepdirect.neric.org/ScriptX_6_5/smsx.cab (MeadCo ScriptX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} http://sbpub1.neric.org/forms/jinitiator/jinit.exe (JInitiator 1.3.1.28)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03AE7B1F-1569-470C-A453-C84DA62D1459}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A9D0914-6453-4D1A-85C2-A5CC6AD2BA00}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC4F88EC-56A9-4225-8903-4B4D589A4CBC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 22:49:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Judy\Desktop\OTL.exe
[2012/06/22 15:10:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/22 15:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/22 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\temp
[2012/06/21 15:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2012/06/21 15:18:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/21 15:18:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/21 15:18:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/21 15:15:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 15:15:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/21 15:15:22 | 004,564,664 | R--- | C] (Swearware) -- C:\Users\Judy\Desktop\ComboFix.exe
[2012/06/20 19:45:37 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/19 15:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/06/18 18:51:34 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Malwarebytes
[2012/06/18 18:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/18 18:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/18 18:51:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/18 18:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/18 18:49:41 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/06/18 18:49:40 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/06/18 18:49:39 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/06/18 18:49:39 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/06/18 18:49:38 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/06/18 18:49:37 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/06/18 18:49:31 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/18 18:49:30 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/18 18:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/18 18:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/18 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/13 17:23:37 | 000,000,000 | R--D | C] -- C:\Users\Judy\Documents\Scanned Documents
[2012/06/13 17:23:36 | 000,000,000 | ---D | C] -- C:\Users\Judy\Documents\Fax
[2012/06/13 17:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/06/13 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012/06/13 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Judy\Documents\My Scans

========== Files - Modified Within 30 Days ==========

[2012/06/22 22:56:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/22 22:56:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 22:54:08 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 22:54:08 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 22:51:17 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/22 22:51:17 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/22 22:50:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Desktop\OTL.exe
[2012/06/22 22:49:58 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2012/06/22 22:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 22:46:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 22:45:40 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 15:08:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/21 15:11:26 | 004,564,664 | R--- | M] (Swearware) -- C:\Users\Judy\Desktop\ComboFix.exe
[2012/06/19 15:53:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/19 15:52:03 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/06/19 15:50:26 | 000,000,160 | ---- | M] () -- C:\ProgramData\-qTzu2o6AdZ565wr
[2012/06/19 15:50:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\-qTzu2o6AdZ565w
[2012/06/18 18:51:29 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/18 18:22:38 | 000,000,681 | -H-- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/14 17:57:05 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLec.DAT
[2012/06/13 17:39:45 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/06/13 17:21:41 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Epson V30_V300 User's Guide.lnk
[2012/06/13 17:20:57 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012/06/13 05:24:01 | 000,438,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 17:59:52 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========
 
[2012/06/21 15:24:23 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/06/21 15:24:23 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfeeSecurity Scan Plus.lnk
[2012/06/21 15:24:14 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/06/21 15:24:14 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero Internet.lnk
[2012/06/21 15:24:14 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/21 15:24:14 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/06/21 15:24:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/06/21 15:24:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/21 15:24:14 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/06/21 15:24:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/06/21 15:24:14 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/06/21 15:24:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/21 15:24:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/21 15:24:13 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/06/21 15:24:13 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/21 15:24:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/21 15:24:13 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/21 15:24:13 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\CNet Wireless LAN Utility.lnk
[2012/06/21 15:24:13 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012/06/21 15:24:13 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\PictureProject.lnk
[2012/06/21 15:24:13 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/06/21 15:24:13 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/21 15:24:13 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/06/21 15:24:13 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/06/21 15:24:13 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/21 15:24:13 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/21 15:24:13 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/21 15:24:13 | 000,001,635 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EarthLink TotalAccess.lnk
[2012/06/21 15:24:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/21 15:24:13 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\Epson V30_V300 User's Guide.lnk
[2012/06/21 15:24:13 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 15:24:13 | 000,001,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/06/21 15:24:13 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/06/21 15:24:13 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/06/21 15:18:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/21 15:18:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/21 15:18:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/21 15:18:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/21 15:18:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/18 18:22:39 | 000,000,160 | ---- | C] () -- C:\ProgramData\-qTzu2o6AdZ565wr
[2012/06/18 18:22:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qTzu2o6AdZ565w
[2012/06/18 18:22:38 | 000,000,681 | -H-- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/02/07 19:56:42 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/04 09:52:21 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/02/06 17:37:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2011/02/02 08:01:21 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2010/06/16 18:12:08 | 000,000,016 | ---- | C] () -- C:\Users\Judy\persistent_state
[2009/12/02 23:45:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/02 20:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/05/06 11:04:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG10
[2010/06/24 14:24:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson
[2010/10/19 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\AVG10
[2010/01/20 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\AVG9
[2010/10/01 16:28:37 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Blio
[2012/06/13 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Epson
[2011/12/05 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\FreeFileViewer
[2009/12/02 23:05:47 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Leadertech
[2011/02/06 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Nikon
[2010/10/28 17:24:15 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Sammsoft
[2009/12/02 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Template
[2009/12/02 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\WildTangent
[2010/12/11 08:52:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG10
[2010/06/24 14:22:56 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Epson
[2012/06/22 22:49:58 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011/01/02 17:37:05 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/12/03 01:48:11 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/22 15:10:29 | 000,013,511 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/06/22 22:45:40 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/17 03:56:07 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2012/06/22 22:45:51 | 2951,270,400 | -HS- | M] () -- C:\pagefile.sys
[2007/08/16 13:39:02 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2009/03/17 03:47:11 | 000,001,650 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 20:23:16 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
[2008/01/20 20:23:16 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\2_HPZPPLHN.DLL
[2008/01/20 20:23:16 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\3_HPZPPLHN.DLL
[2008/01/20 20:23:16 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\4_HPZPPLHN.DLL
[2008/08/12 11:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp082.dll
[2008/01/20 20:23:16 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2008/12/05 01:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/10/27 07:39:12 | 000,000,574 | -HS- | M] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/08/22 09:12:35 | 000,000,221 | -HS- | M] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/21 15:11:26 | 004,564,664 | R--- | M] (Swearware) -- C:\Users\Judy\Desktop\ComboFix.exe
[2012/06/22 22:50:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/22 22:56:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/22 22:49:58 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2012/06/22 22:46:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 22:56:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 22:46:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/01/02 17:37:05 | 000,032,656 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/03/03 07:39:12 | 000,000,402 | -HS- | M] () -- C:\Users\Judy\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/06/19 15:50:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\-qTzu2o6AdZ565w
[2012/06/19 15:50:26 | 000,000,160 | ---- | M] () -- C:\ProgramData\-qTzu2o6AdZ565wr
[2010/02/16 15:48:23 | 000,000,838 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/02/12 07:02:18 | 000,000,451 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
OTL Extras logfile created on: 6/22/2012 10:52:08 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Judy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 60.29% Memory free
5.50 Gb Paging File | 4.32 Gb Available in Paging File | 78.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 226.83 Gb Free Space | 79.57% Space Free | Partition Type: NTFS

Computer Name: JUDY-PC | User Name: Judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F54E800-5BE7-46A4-BEE8-F5FEDC47DC6B}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{16EC05E9-6AF0-40C0-A67C-7931852868B8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{2559A179-0E33-48CF-8EFF-790053108398}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{62390589-9298-4282-BB4C-3D43E69F3423}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C52FA9C-F723-4E28-BF14-44B0D2A10454}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{837787AF-2F32-4F57-8DF6-50AD1BDDAB4B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{8EE18DB1-C455-4EE0-8B2E-8EB339D58810}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{C6A4CC4C-6D51-4D41-92AB-E2AE45A2AF8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CEF178EC-80E1-4C41-A734-43F0F2554543}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{E0A35E4B-793E-4210-B329-AD4C9E8DE941}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{E1CF1A99-28E0-4058-BF50-AC0EA2FF83B5}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{E8F5E443-4759-4FB1-9333-0B0EA87B4180}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{F061871D-783B-4C91-8716-AF247C6EDF28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC1AFA78-4268-48B4-A7E7-3D78BB6D8659}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00114D68-07D1-4D22-A4E8-56EE97B8250D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{05D265F6-0B50-4BEC-918C-6ACBF8473634}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{05F49B7F-7B35-47AE-9EC9-AAA321216314}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{061BE041-E50E-4232-9B6C-F3E3175B7982}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{06A3D828-1D28-4152-80D4-AF89B1E06FDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{09757F29-5CD0-40D9-88B0-C4E431A2EADF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{0C00ADF7-733F-4141-A646-BBE842CE627D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{0CBAA2BB-CE79-49F9-8E6D-5D36E6DED488}" = protocol=17 | dir=in | app=c:\program files\cnet\wireless lan driver and utility\rtwlan.exe |
"{0FF6E26B-D7C9-4ADE-B271-8DC4E9C44D77}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{16F19D54-32AF-491C-BD57-A3B6FD61D072}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1B16594F-8F54-40E8-9D81-D82A80E79B8D}" = protocol=6 | dir=in | app=c:\program files\cnet\wireless lan driver and utility\rtwlan.exe |
"{1F46043E-6241-4F07-B704-F0F7951DFF0D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{2E664CBB-8DE6-43F4-B7D8-A717BAA43B9D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{2F40BD02-FB44-4CC4-BCF4-DE8A7F212E75}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{36877A2F-44B2-4B79-BC07-0698363ADB21}" = protocol=6 | dir=in | app=c:\program files\cnet\wireless lan driver and utility\rtwlan.exe |
"{375A240F-341D-468B-88F4-5E00768AE3C6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3B10C7F3-DAA1-403A-9D26-032710F60079}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{3CF2E93A-B67C-4575-9711-A463BD35CBFA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{452BA2A0-40BF-4092-9537-6CAEC1238A1B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{46193E47-F131-441F-B1A3-50A19CF0D126}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{4630598B-7B79-4188-BEFC-1B9C79F15192}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{48596855-1526-4CD3-A4A7-D4E217956020}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4E214ABF-935E-4EE5-9F34-1FE20490F0C6}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{52721F0B-D2D7-47A4-90F5-41985C1711C1}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5ADD1718-2773-4C10-9439-1B59A6EF1507}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{7D78D3C2-2E88-4F7C-8D77-B5577BD53107}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{81930451-309D-4D75-9929-B7BEB3A7D814}" = dir=in | app=d:\setup\hpznui01.exe |
"{8B02D066-00CD-4A4E-842F-15EB08CBEBDF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9499CA00-4AD2-410F-9CEB-035DA538589D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{94A13AC3-97E7-4440-9031-AAFE15F2B5DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{970097DB-5367-4914-AF15-B85261BBDCCB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CD9775E-EE32-451D-842B-118D9CD0FE2B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{9EDEDD27-C3DE-4833-A91A-03BFC69738D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A15D8E2A-DC3A-4494-B6DB-4E9D70ECB019}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A57C1751-CDC3-4873-ABA3-E6E5CBB349E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{AB1BA80F-DCA0-46EF-8BD1-B5EA21FF4B4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B76A00B8-81F1-459A-8363-9405FB776414}" = protocol=17 | dir=in | app=c:\program files\cnet\wireless lan driver and utility\rtwlan.exe |
"{BA47AA99-D366-4A90-A31E-C07CE9FDE33B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{BE8F350E-7CB9-4EA0-9F2F-1A6F1CEEC66D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C25D760E-19B7-422F-8A9C-EEAFC774ACDA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C9AD5BD3-0D58-4A5C-A3DF-141361C81FA7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C9BBF47B-CB20-4D51-9612-040BF35C1989}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D74905A1-ADFC-4691-8D84-B868C19F9CC1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{F2C481B1-DF02-4F3D-BA73-D1137E06C81B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8F40569-F6C9-460B-B903-25D9F4EE9D45}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FEB6BD74-BF69-4CCA-9DBE-6F62EA7C7155}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{8B3B6A82-4790-465F-9503-4529BF08F138}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{ACF1988E-97F0-4C21-8360-BDE251EB1F7F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{364806CC-BF38-4C57-9C6F-114B02C6EE4D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{AC8D4014-227B-4060-A6FB-D86D476BA197}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = CNet Wireless LAN Driver and Utility
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD13DB89-BD2E-46BF-8DFA-578B1B12DFA3}" = Blio
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C383CBAD-61FA-417E-B784-2E9F1E843DF2}" = TurboTax 2010 wmaiper
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCF60B7D-5830-4AF6-998F-1CD79E1A4BF6}" = Microsoft LifeCam
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"avast" = avast! Internet Security
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"FreeFileViewer_is1" = Free File Viewer 2010
"Google Chrome" = Google Chrome
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Word Roots Software A1 Trial" = Word Roots Software A1 Trial

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 10:38:58 AM | Computer Name = Judy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00660073 Faulting process id:
0x930 Faulting application start time: 0x01cd3f70d3c3c510 Faulting application path:
C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: 853e83a0-abf7-11e1-bdb7-001d72bfa518

Error - 6/2/2012 8:00:13 AM | Computer Name = Judy-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 6/2/2012 8:38:00 AM | Computer Name = Judy-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 6/2/2012 8:39:42 AM | Computer Name = Judy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/2/2012 8:39:42 AM | Computer Name = Judy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/2/2012 8:39:42 AM | Computer Name = Judy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/2/2012 8:39:42 AM | Computer Name = Judy-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2012 5:23:49 PM | Computer Name = Judy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/5/2012 8:10:20 PM | Computer Name = Judy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4abb0686 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
stamp: 0x4eeaf834 Exception code: 0xc00000fd Fault offset: 0x0000cd12 Faulting process
id: 0x91c Faulting application start time: 0x01cd4362887ad620 Faulting application
path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Faulting module path:
C:\Windows\system32\msvcrt.dll Report Id: 0016f9a0-af6c-11e1-a479-001d72bfa518

Error - 6/12/2012 5:25:06 AM | Computer Name = Judy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/12/2012 5:53:16 PM | Computer Name = Judy-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/1/2011 9:17:10 AM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 9:17:10 AM - Error connecting to the internet. 9:17:10 AM - Unable
to contact server..

Error - 5/1/2011 9:17:21 AM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 9:17:15 AM - Error connecting to the internet. 9:17:15 AM - Unable
to contact server..

Error - 5/1/2011 2:35:37 PM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 2:35:36 PM - Error connecting to the internet. 2:35:36 PM - Unable
to contact server..

Error - 5/1/2011 2:35:54 PM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 2:35:42 PM - Error connecting to the internet. 2:35:42 PM - Unable
to contact server..

Error - 5/5/2011 7:23:50 AM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 7:23:50 AM - Error connecting to the internet. 7:23:50 AM - Unable
to contact server..

Error - 5/5/2011 7:24:04 AM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 7:23:55 AM - Error connecting to the internet. 7:23:55 AM - Unable
to contact server..

Error - 5/5/2011 4:01:20 PM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 4:01:20 PM - Error connecting to the internet. 4:01:20 PM - Unable
to contact server..

Error - 5/5/2011 4:01:31 PM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 4:01:26 PM - Error connecting to the internet. 4:01:26 PM - Unable
to contact server..

Error - 5/6/2011 2:44:13 AM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 2:44:13 AM - Error connecting to the internet. 2:44:13 AM - Unable
to contact server..

Error - 5/6/2011 2:44:23 AM | Computer Name = Judy-PC | Source = MCUpdate | ID = 0
Description = 2:44:18 AM - Error connecting to the internet. 2:44:18 AM - Unable
to contact server..

[ System Events ]
Error - 6/22/2012 10:39:42 PM | Computer Name = Judy-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/22/2012 10:44:42 PM | Computer Name = Judy-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/22/2012 10:44:42 PM | Computer Name = Judy-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/22/2012 10:44:42 PM | Computer Name = Judy-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/22/2012 10:46:18 PM | Computer Name = Judy-PC | Source = Service Control Manager | ID = 7000
Description = The KLPP2Drv service failed to start due to the following error: %%3

Error - 6/22/2012 10:46:20 PM | Computer Name = Judy-PC | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error: %%126

Error - 6/22/2012 10:46:55 PM | Computer Name = Judy-PC | Source = bowser | ID = 8003
Description =

Error - 6/22/2012 10:58:50 PM | Computer Name = Judy-PC | Source = bowser | ID = 8003
Description =

Error - 6/22/2012 11:10:53 PM | Computer Name = Judy-PC | Source = bowser | ID = 8003
Description =

Error - 6/22/2012 11:22:54 PM | Computer Name = Judy-PC | Source = bowser | ID = 8003
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O15 - HKU\S-1-5-21-2291824006-2209109356-2683878418-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/06/18 18:22:39 | 000,000,160 | ---- | C] () -- C:\ProgramData\-qTzu2o6AdZ565wr
    [2012/06/18 18:22:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qTzu2o6AdZ565w
    [2012/06/18 18:22:38 | 000,000,681 | -H-- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2011/05/06 11:04:36 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG10
    [2010/10/19 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\AVG10
    [2010/01/20 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\AVG9
    [2010/12/11 08:52:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG10
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-2291824006-2209109356-2683878418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2291824006-2209109356-2683878418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\-qTzu2o6AdZ565wr moved successfully.
C:\ProgramData\-qTzu2o6AdZ565w moved successfully.
C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\Users\Guest\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Guest\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Judy\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Judy\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Judy\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Judy\AppData\Roaming\AVG9 folder moved successfully.
C:\Users\Mike\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Mike\AppData\Roaming\AVG10 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38751942 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24231006 bytes
->Google Chrome cache emptied: 29997182 bytes
->Flash cache emptied: 1959 bytes

User: Judy
->Temp folder emptied: 2000 bytes
->Temporary Internet Files folder emptied: 212071648 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44967755 bytes
->Google Chrome cache emptied: 443367848 bytes
->Apple Safari cache emptied: 1818624 bytes
->Flash cache emptied: 369086 bytes

User: Mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 79472614 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153056703 bytes
->Google Chrome cache emptied: 226103635 bytes
->Flash cache emptied: 9927 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 154252 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 569328 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,197.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Judy
->Java cache emptied: 0 bytes

User: Mike
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Judy
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06222012_235135

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Security Checkup:
Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
Norton Internet Security
McAfee Security Scan Plus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
FSS:
Farbar Service Scanner Version: 22-06-2012 01
Ran by Judy (administrator) on 23-06-2012 at 00:11:43
Running from "C:\Users\Judy\Desktop"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-06-12 18:18] - [2012-03-30 06:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED
C:\Windows\system32\dnsrslvr.dll
[2011-05-06 11:18] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E
C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446
C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C
C:\Windows\system32\wscsvc.dll
[2011-02-09 19:00] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 20:15] - [2009-07-13 21:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1
C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-12 18:15] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
ESET Scan:
C:\Qoobox\Quarantine\C\ProgramData\hIxvqiEONcrb.exe.vira variant of Win32/Kryptik.AHCT trojancleaned by deleting - quarantined
 
You're running two AV programs, Norton and Avast.
One of them has to go.
If Norton use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Uninstall McAfee Security Scan Plus, typical foistware.

===================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 1 installation!!)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Back