
strongvault removal

Discussion in 'Virus & Other Malware Removal' started by pokey2, Feb 13, 2013.

  1. pokey2

    Hi, I have this program called Strongvault Online Backup that I didn't install. I am trying to remove it, but cannot. I have manually deleted the files that it would let me, but there are 8 files that I cannot delete. I have tried Microsoft Fixit with no luck. Can you help? Please see below three of the four logs you requested. I am unable to get GMER to respond. A line on the program says that my rootkits belong to us????????

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:20:12 AM, on 2/13/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\IncrediMail\Bin\ImApp.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Larry\My Documents\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.134284196011134974.1.1.Run.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SelectionLinksBHO - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger] "C:\Program Files\Strongvault Online Backup\ClientMessenger.exe"
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360267042484
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~2\251005~1.80\{c16c1~1\browse~1.dll
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 6607 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Larry at 11:21:18 on 2013-02-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1209 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\IncrediMail\Bin\ImApp.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchnu.com/410
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger] "c:\program files\strongvault online backup\ClientMessenger.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360267042484
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2090FB9A-AF35-496D-84AE-18812705D7FC} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~2\251005~1.80\{c16c1~1\browse~1.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\larry\application data\mozilla\firefox\profiles\u72wne48.default-1353340976468\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.charter.net/
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&apn_uid=6083327038014274&o=APN10649&q=
    FF - plugin: c:\documents and settings\larry\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    .
    ---- FIREFOX POLICIES ----
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: extensions.claro.tlbrSrchUrl -
    FF - user.js: extensions.claro.id - 74767341000000000000000d096226d9
    FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
    FF - user.js: extensions.claro.instlDay - 15699
    FF - user.js: extensions.claro.vrsn - 1.8.8.5
    FF - user.js: extensions.claro.vrsni - 1.8.8.5
    FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.510:23:24
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef - sst
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro_i.excTlbr - false
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro.rvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-11 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-11 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-11 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-11 44808]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-12-4 2074480]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-4-12 245760]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-12-6 16512]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-12-10 966912]
    .
    =============== Created Last 30 ================
    .
    2013-02-13 00:38:03 -------- d-----w- c:\documents and settings\larry\application data\tiger-k
    2013-02-13 00:38:02 -------- d-----w- c:\documents and settings\larry\application data\Leawo
    2013-02-13 00:38:02 -------- d-----w- c:\documents and settings\all users\application data\Leawo
    2013-02-13 00:37:43 175616 ----a-w- c:\windows\system32\unrar.dll
    2013-02-13 00:37:39 -------- d-----w- c:\program files\K-Lite Codec Pack
    2013-02-13 00:37:24 606208 ----a-w- c:\windows\system32\xvidcore.dll
    2013-02-13 00:37:24 139264 ----a-w- c:\windows\system32\xvid.ax
    2013-02-13 00:36:57 -------- d-----w- c:\program files\Leawo
    2013-02-13 00:27:16 -------- d-----w- C:\videodvdmaker
    2013-02-13 00:27:16 -------- d-----w- c:\documents and settings\larry\application data\Video DVD Maker FREE
    2013-02-13 00:23:59 -------- d-----w- c:\documents and settings\larry\local settings\application data\Strongvault
    2013-02-13 00:23:58 -------- d-----w- c:\program files\Strongvault Online Backup
    2013-02-13 00:23:43 -------- d-sh--w- C:\AI_RecycleBin
    2013-02-13 00:23:29 -------- d-----w- c:\documents and settings\larry\local settings\application data\Updater21804
    2013-02-11 15:10:14 -------- d-----w- c:\program files\Free mp3 Wma Converter
    2013-02-11 14:57:24 -------- d-----w- c:\documents and settings\all users\application data\18213
    2013-02-06 20:50:01 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2013-02-06 20:50:01 271768 ----a-w- c:\program files\mozilla firefox\updater.exe
    2013-02-06 20:50:01 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll
    2013-02-06 20:50:01 17804184 ----a-w- c:\program files\mozilla firefox\xul.dll
    2013-02-06 20:50:01 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2013-02-06 20:50:00 92056 ----a-w- c:\program files\mozilla firefox\smime3.dll
    2013-02-06 20:50:00 864656 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2013-02-06 20:50:00 155544 ----a-w- c:\program files\mozilla firefox\ssl3.dll
    2013-02-06 20:50:00 151960 ----a-w- c:\program files\mozilla firefox\softokn3.dll
    2013-02-06 00:01:18 -------- d-----w- c:\documents and settings\larry\application data\TechSmith
    2013-02-06 00:01:10 -------- d-----w- c:\documents and settings\larry\local settings\application data\TechSmith
    2013-02-05 23:45:15 -------- d-----w- c:\documents and settings\all users\application data\Wondershare
    2013-02-05 23:44:28 -------- d-----w- c:\documents and settings\larry\local settings\application data\Wondershare
    2013-02-05 17:27:09 -------- d-----w- c:\program files\Photodex Presenter
    2013-02-05 17:26:56 -------- d-----w- c:\program files\Photodex
    .
    ==================== Find3M ====================
    .
    2013-02-08 16:39:16 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-08 16:39:16 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-27 13:52:58 571392 ----a-w- c:\windows\system32\tsccvid.dll
    2012-11-26 23:20:50 234496 ----a-w- c:\windows\system32\tsc2_codec32.dll
    2012-11-18 22:17:21 109838 ----a-w- c:\windows\system32\ffdshow.reg
    .
    ============= FINISH: 11:21:48.76 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/2/2010 9:23:11 PM
    System Uptime: 2/13/2013 9:36:25 AM (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0A60h
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | XU1 PROCESSOR | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 40.687 GiB free.
    D: is CDROM (CDFS)
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 802.11n Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_0601&SUBSYS_28601814&REV_00\4&3721BFB3&0&20F0
    Manufacturer: Ralink Technology, Corp.
    Name: 802.11n Wireless LAN Card
    PNP Device ID: PCI\VEN_1814&DEV_0601&SUBSYS_28601814&REV_00\4&3721BFB3&0&20F0
    Service: RT80x86
    .
    ==== System Restore Points ===================
    .
    RP717: 1/14/2013 4:58:50 PM - System Checkpoint
    RP718: 1/15/2013 9:31:34 AM - Software Distribution Service 3.0
    RP719: 1/16/2013 8:17:13 PM - System Checkpoint
    RP720: 1/17/2013 1:22:59 PM - Installed TurboTax 2012 wmiiper
    RP721: 1/18/2013 3:54:02 PM - System Checkpoint
    RP722: 1/19/2013 4:36:20 PM - System Checkpoint
    RP723: 1/20/2013 4:50:06 PM - System Checkpoint
    RP724: 1/21/2013 5:15:48 PM - System Checkpoint
    RP725: 1/22/2013 5:29:01 PM - System Checkpoint
    RP726: 1/23/2013 6:08:09 PM - System Checkpoint
    RP727: 1/24/2013 8:15:44 PM - System Checkpoint
    RP728: 1/25/2013 8:42:34 PM - System Checkpoint
    RP729: 1/26/2013 9:08:10 PM - System Checkpoint
    RP730: 1/27/2013 9:48:52 PM - System Checkpoint
    RP731: 1/28/2013 10:19:06 PM - System Checkpoint
    RP732: 1/29/2013 10:23:30 PM - System Checkpoint
    RP733: 1/30/2013 10:35:57 PM - System Checkpoint
    RP734: 1/31/2013 10:47:30 PM - System Checkpoint
    RP735: 2/1/2013 11:11:05 PM - System Checkpoint
    RP736: 2/3/2013 12:59:02 AM - System Checkpoint
    RP737: 2/3/2013 11:47:00 AM - Removed QuickTime
    RP738: 2/3/2013 1:47:29 PM - Removed Apple Mobile Device Support
    RP739: 2/3/2013 1:48:18 PM - Removed Apple Application Support
    RP740: 2/4/2013 5:32:08 PM - System Checkpoint
    RP741: 2/5/2013 11:18:00 AM - Removed iTunes
    RP742: 2/5/2013 11:26:04 AM - Removed Java(TM) 6 Update 22
    RP743: 2/5/2013 6:44:52 PM - Installed Windows XP -- Software Updates KB952011.
    RP744: 2/5/2013 6:58:08 PM - Installed Camtasia Studio 8
    RP745: 2/5/2013 7:20:52 PM - Removed Camtasia Studio 8
    RP746: 2/6/2013 7:39:51 PM - System Checkpoint
    RP747: 2/7/2013 8:28:55 PM - System Checkpoint
    RP748: 2/8/2013 8:51:50 PM - System Checkpoint
    RP749: 2/9/2013 9:51:50 PM - System Checkpoint
    RP750: 2/10/2013 11:23:18 PM - System Checkpoint
    RP751: 2/11/2013 11:27:50 PM - System Checkpoint
    RP752: 2/13/2013 9:14:56 AM - Software Distribution Service 3.0
    RP753: 2/13/2013 10:25:52 AM - Restore Point before Corrupt Patch Registry keys
    .
    ==== Installed Programs ======================
    .
    Leawo DVD Creator version 5.1.0.0
    AC3Filter 2.5b
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.5
    AnswerWorks 5.0 English Runtime
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    Brother MFL-Pro Suite MFC-J265W
    CCleaner
    ffdshow v1.1.4369 [2012-03-03]
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    IncrediMail
    IncrediMail 2.0
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 29
    K-Lite Codec Pack 8.7.0 (Basic)
    Lphant
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft LifeCam
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    MovieTracer
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    OpenOffice.org 3.3
    PaperPort Image Printer
    Personal Ancestral File 5
    Photodex Presenter
    PMB
    ProShow Gold
    Quicken 2009
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skype™ 5.10
    System Requirements Lab for Intel
    The Weather Channel App
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/13/2013 9:38:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs
    2/13/2013 9:37:28 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    2/13/2013 11:21:20 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    .
    ==== End Of File ===========================

    Thank you for your help. Larry

    I think I got the GMER scan to work. Here are those results. Larry

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-13 15:12:40
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721680PLA380 rev.P21OAB6A 74.53GB
    Running: zig9oee2.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\fxlcypob.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA846A4BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA853FC22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA846AED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA84AC811]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8475FA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8475FF4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8476176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA84AC1C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8475F16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8476038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8475F5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA846B11C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8476130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA846B93E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA846A508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA84ACED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA84AD18D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA846F1C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA84ACD42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA84ACBAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA853FCEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA846A170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA846A556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA846F534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA846C3A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8475FD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8476016]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA847619A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA84AC521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8475F3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA846EC3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA84760BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8475F86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA846EF14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8476154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA853FE4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA84ACA28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA846C272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA84AC87A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA846BDD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA854C7D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA84AB838]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA846A5A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA846A5F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA846B7BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA846A1FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA846A3AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA84ACFDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA846A350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA846BAF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA846BC54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA846A41A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA846B4D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA846B636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA853E41C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA846A640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA846AF1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8558E56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CA853FC
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, A5, 46, A8, F2, A5, 46, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, BA, 46, A8, 54, BC, 46, ...]
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A846CA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A8555CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A8557810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A8558E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 674 BF809952 5 Bytes JMP A8470B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C8AE 5 Bytes JMP A8470A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813946 5 Bytes JMP A84709F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C598 5 Bytes JMP A84700A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79C4 BF824124 5 Bytes JMP A846F7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A8E 5 Bytes JMP A8470CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831496 5 Bytes JMP A8470EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B6BA BF839F00 5 Bytes JMP A84708FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF8517AB 5 Bytes JMP A846F688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCDA 5 Bytes JMP A847016A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3567 BF85E32A 5 Bytes JMP A846FC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 35F2 BF85E3B5 5 Bytes JMP A846FEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F626 5 Bytes JMP A846F670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5466 BF864A04 5 Bytes JMP A8470A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3665 BF873264 5 Bytes JMP A846FCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 41A2 BF873DA1 5 Bytes JMP A846FE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890E91 5 Bytes JMP A8470182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF89443B 5 Bytes JMP A8470BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894F13 5 Bytes JMP A8470E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C2CE 5 Bytes JMP A8470090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D863 5 Bytes JMP A846F834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A996 BF8C1D0C 5 Bytes JMP A846F944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + A5A4 BF8EB49B 5 Bytes JMP A84700C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFF5C 5 Bytes JMP A846F56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F212B 5 Bytes JMP A846FA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F23AB 5 Bytes JMP A846FB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A40 BF914636 5 Bytes JMP A846F760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2614 BF91520A 5 Bytes JMP A846F8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F95 BF917B8B 5 Bytes JMP A846FFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1934 BF947E24 5 Bytes JMP A8470D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Larry\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\svchost.exe[188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[308] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00031014
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00030804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00030A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00030C0C
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00030E10
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 000301F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 000303FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00030600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03910804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03910A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03910600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 039101F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 039103FC
    .text C:\WINDOWS\system32\services.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01583C70 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018D6096 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018D6073 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] KERNEL32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015A553C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 025B0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 025B0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 025B0600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 025B01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 025B03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018D5FF4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 036D1014
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 036D0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 036D0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 036D0C0C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 036D0E10
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 036D01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 036D03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 036D0600
    .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1252] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\brss01a.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\brss01a.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[1364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Documents and Settings\Larry\My Documents\Downloads\zig9oee2.exe[1736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2300] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[2712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[2712] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\Explorer.EXE[2712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02250804
    .text C:\WINDOWS\Explorer.EXE[2712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 02250A08
    .text C:\WINDOWS\Explorer.EXE[2712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 02250600
    .text C:\WINDOWS\Explorer.EXE[2712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 022501F8
    .text C:\WINDOWS\Explorer.EXE[2712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 022503FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01001014
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01000804
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01000A08
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01000C0C
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01000E10
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 010001F8
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010003FC
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01000600
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03600804
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03600A08
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03600600
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 036001F8
    .text C:\Program Files\IncrediMail\bin\IncMail.exe[3008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 036003FC
    .text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3272] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01091014
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01090804
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01090A08
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01090C0C
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01090E10
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 010901F8
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 010903FC
    .text C:\Program Files\Microsoft LifeCam\LifeTray.exe[3784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01090600
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00031014
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00030804
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00030A08
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00030C0C
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00030E10
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 000301F8
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 000303FC
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00030600
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03F30804
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03F30A08
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03F30600
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 03F301F8
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[3828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 03F303FC
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3852] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00991014
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00990804
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00990A08
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00990C0C
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00990E10
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009901F8
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009903FC
    .text C:\WINDOWS\system32\ctfmon.exe[3852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00990600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00031014
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00030804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00030A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00030C0C
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00030E10
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 000301F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 000303FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00030600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03910804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03910A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03910600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 039101F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3872] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 039103FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00031014
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00030804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00030A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00030C0C
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00030E10
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 000301F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 000303FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00030600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03910804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03910A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03910600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 039101F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 039103FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00031014
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00030804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00030A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00030C0C
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00030E10
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 000301F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 000303FC
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00030600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03910804
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03910A08
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03910600
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 039101F8
    .text C:\Program Files\Strongvault Online Backup\ClientMessenger.exe[3972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 039103FC
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00FD1014
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00FD0804
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00FD0A08
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00FD0C0C
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00FD0E10
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00FD01F8
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00FD03FC
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00FD0600
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03470804
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03470A08
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03470600
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 034701F8
    .text C:\Program Files\IncrediMail\Bin\ImApp.exe[4036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 034703FC

    ---- Devices - GMER 2.1 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 2.1 ----
     
  2. pokey2

    pokey2 Thread Starter

    Over 48 hrs, just sayin'. Can I please get help!!!!
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Strongvault is not a recommended program; as usual, and as can be seen from your logs, it comes with lots of adware and unwanted extras. Run the following and post the logs.

    Download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Kevin
     
  4. pokey2

    pokey2 Thread Starter

    See below the scan logs requested.

    # AdwCleaner v2.112 - Logfile created 02/15/2013 at 18:46:22
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Larry - VMACHINE
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Larry\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\u72wne48.default-1353340976468\searchplugins\claro.xml
    File Deleted : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\u72wne48.default-1353340976468\searchplugins\Search_Results.xml
    File Deleted : C:\Documents and Settings\Larry\Local Settings\Application Data\funmoods-speeddial.crx
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
    Folder Deleted : C:\Documents and Settings\Larry\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Larry\Application Data\SwvUpdater
    Folder Deleted : C:\Documents and Settings\Larry\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Larry\Local Settings\Application Data\Wajam
    Folder Deleted : C:\Program Files\OApps

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~2\251005~1.80\{c16c1~1\browse~1.dll
    Key Deleted : HKCU\Software\5c2d9dfb33fe840
    Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\IB Updater
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Web Assistant
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
    Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
    Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\Software\ImInstaller
    Key Deleted : HKLM\Software\iWon
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
    Key Deleted : HKLM\Software\SearchquSRTB
    Key Deleted : HKLM\Software\Web Assistant
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\u72wne48.default-1353340976468\prefs.js

    C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\u72wne48.default-1353340976468\user.js ... Deleted !

    Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117452&tt=5212_7&babsrc=[...]
    Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
    Deleted : user_pref("browser.search.defaultenginename", "Search Results");
    Deleted : user_pref("browser.search.order.1", "Search Results");
    Deleted : user_pref("extensions.claro.admin", false);
    Deleted : user_pref("extensions.claro.aflt", "babsst");
    Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
    Deleted : user_pref("extensions.claro.autoRvrt", "false");
    Deleted : user_pref("extensions.claro.dfltLng", "en");
    Deleted : user_pref("extensions.claro.excTlbr", false);
    Deleted : user_pref("extensions.claro.id", "74767341000000000000000d096226d9");
    Deleted : user_pref("extensions.claro.instlDay", "15699");
    Deleted : user_pref("extensions.claro.instlRef", "sst");
    Deleted : user_pref("extensions.claro.prdct", "claro");
    Deleted : user_pref("extensions.claro.prtnrId", "claro");
    Deleted : user_pref("extensions.claro.rvrt", "false");
    Deleted : user_pref("extensions.claro.tlbrId", "claro");
    Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
    Deleted : user_pref("extensions.claro.vrsn", "1.8.8.5");
    Deleted : user_pref("extensions.claro.vrsni", "1.8.8.5");
    Deleted : user_pref("extensions.claro_i.excTlbr", false);
    Deleted : user_pref("extensions.claro_i.newTab", false);
    Deleted : user_pref("extensions.claro_i.smplGrp", "none");
    Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.8.510:23:24");
    Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
    Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
    Deleted : user_pref("extensions.wajam.affiliate_id", "5922");
    Deleted : user_pref("extensions.wajam.firstrun", "false");
    Deleted : user_pref("extensions.wajam.log_send_info", "false");
    Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
    Deleted : user_pref("extensions.wajam.no_trace", "false");
    Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
    Deleted : user_pref("extensions.wajam.trace_log", "1356281652131 - processDOMLoad - Checking: hxxp://www.wajam[...]
    Deleted : user_pref("extensions.wajam.unique_id", "949FDAEF5B9BD9E018D062818675C303");
    Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
    Deleted : user_pref("extensions.wajam.version", "1.26");
    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=100&systemid=410&apn[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\Larry\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [14356 octets] - [15/02/2013 18:46:22]

    ########## EOF - C:\AdwCleaner[S1].txt - [14417 octets] ##########


    OTL logfile created on: 2/15/2013 7:01:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Larry\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.25% Memory free
    3.33 Gb Paging File | 2.91 Gb Available in Paging File | 87.44% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 39.37 Gb Free Space | 52.82% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 14.89 Gb Total Space | 2.37 Gb Free Space | 15.94% Space Free | Partition Type: FAT32

    Computer Name: VMACHINE | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Modules (No Company Name) ==========

    MOD - [2013/02/15 14:56:34 | 002,060,288 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13021501\algo.dll
    MOD - [2013/02/13 12:02:14 | 001,879,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\d4fd7d6dfb7fc7e8a3520ae915eb0a9d\System.Deployment.ni.dll
    MOD - [2013/02/13 09:22:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
    MOD - [2013/02/13 09:22:20 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
    MOD - [2013/02/05 12:27:02 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    MOD - [2013/01/29 09:25:27 | 000,072,256 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
    MOD - [2013/01/29 09:25:25 | 000,268,864 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
    MOD - [2013/01/29 09:25:25 | 000,133,696 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
    MOD - [2013/01/29 09:25:25 | 000,080,448 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
    MOD - [2013/01/29 09:25:25 | 000,033,272 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
    MOD - [2013/01/15 19:14:34 | 000,009,216 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Metadata.dll
    MOD - [2013/01/15 19:14:34 | 000,006,144 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Helpers.dll
    MOD - [2013/01/15 19:14:30 | 000,009,728 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Environment.Identification.dll
    MOD - [2013/01/09 03:33:33 | 018,054,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll
    MOD - [2013/01/09 03:29:03 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
    MOD - [2013/01/09 03:29:03 | 000,188,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\31c6d1aba484bf4da8cb1c2f84e65546\System.Windows.Input.Manipulations.ni.dll
    MOD - [2013/01/09 03:29:02 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
    MOD - [2013/01/09 03:28:31 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/09 03:28:26 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/01/09 03:28:24 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll
    MOD - [2013/01/09 03:28:23 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll
    MOD - [2013/01/09 03:28:19 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll
    MOD - [2013/01/09 03:28:18 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
    MOD - [2013/01/09 03:22:31 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
    MOD - [2013/01/09 03:22:03 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
    MOD - [2013/01/09 03:20:51 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
    MOD - [2013/01/09 03:20:39 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
    MOD - [2013/01/09 03:08:36 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
    MOD - [2013/01/09 03:07:53 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
    MOD - [2013/01/09 03:07:48 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
    MOD - [2013/01/09 03:07:45 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\471ffd2d91c4e06f89c84c93cfeddedf\PresentationFramework.Classic.ni.dll
    MOD - [2013/01/09 03:07:27 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
    MOD - [2013/01/09 03:07:13 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
    MOD - [2013/01/09 03:07:11 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
    MOD - [2013/01/09 03:07:09 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
    MOD - [2013/01/09 03:06:59 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
    MOD - [2013/01/09 03:06:44 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
    MOD - [2012/12/27 16:40:24 | 000,109,040 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll


    ========== Services (SafeList) ==========

    SRV - [2013/02/08 11:39:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/06 15:50:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/02/05 12:27:02 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/01/25 10:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2010/12/16 14:14:01 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2010/01/29 04:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2009/03/24 04:25:00 | 000,966,912 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
    DRV - [2008/12/10 12:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/08/07 17:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
    DRV - [2008/06/17 18:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\SearchScopes\{32508879-2119-4D0A-B5EF-F80C0BA237C6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_en
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.charter.net/"
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{720096CD-5FB4-486D-A0C6-CB00508A2D77}: C:\Documents and Settings\Larry\Local Settings\Application Data\{720096CD-5FB4-486D-A0C6-CB00508A2D77} [2011/07/30 09:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/07 14:07:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:50:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 15:49:59 | 000,000,000 | ---D | M]

    [2013/02/13 09:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
    [2011/02/26 12:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions\[email protected]
    [2013/02/13 10:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\u72wne48.default-1353340976468\extensions
    [2013/02/13 09:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/11/07 14:07:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/02/12 13:13:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/12/04 19:15:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2013/02/06 15:50:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/10/14 17:51:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/14 17:51:35 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    Hosts file not found
    O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
    O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
    O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [Messenger] C:\Program Files\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360267042484 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2090FB9A-AF35-496D-84AE-18812705D7FC}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/10 10:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{e489361c-ff54-11df-ba22-000d096226d9}\Shell\AutoRun\command - "" = setupSNK.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/15 18:54:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
    [2013/02/13 16:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
    [2013/02/13 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
    [2013/02/12 19:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\tiger-k
    [2013/02/12 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\Leawo
    [2013/02/12 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\Leawo
    [2013/02/12 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leawo
    [2013/02/12 19:27:16 | 000,000,000 | ---D | C] -- C:\videodvdmaker
    [2013/02/12 19:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\Video DVD Maker FREE
    [2013/02/12 19:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Strongvault
    [2013/02/12 19:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Strongvault Online Backup
    [2013/02/12 19:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2013/02/12 19:23:43 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/12 19:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Updater21804
    [2013/02/11 10:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wincert
    [2013/02/11 10:11:14 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
    [2013/02/11 10:11:14 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
    [2013/02/11 10:11:14 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
    [2013/02/11 10:11:14 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
    [2013/02/11 10:11:13 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
    [2013/02/11 10:11:13 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
    [2013/02/11 10:11:13 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
    [2013/02/11 10:11:12 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
    [2013/02/11 10:11:12 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
    [2013/02/11 10:11:12 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
    [2013/02/11 10:11:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
    [2013/02/11 10:11:12 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
    [2013/02/11 10:11:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
    [2013/02/11 10:11:11 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
    [2013/02/11 10:11:11 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
    [2013/02/11 10:11:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
    [2013/02/11 10:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\FreeAudioPack
    [2013/02/11 09:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\18213
    [2013/02/06 15:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/05 19:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\TechSmith
    [2013/02/05 19:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\TechSmith
    [2013/02/05 18:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wondershare
    [2013/02/05 18:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Wondershare
    [2013/02/05 12:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProShow Gold
    [2013/02/05 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
    [2013/02/05 12:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/15 18:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
    [2013/02/15 18:54:25 | 000,545,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/15 18:54:25 | 000,098,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/15 18:53:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/15 18:50:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/15 18:50:25 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/02/15 18:49:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/15 18:49:52 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\zkrz.job
    [2013/02/15 18:49:52 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2660266228-3332220392-942532097-1004.job
    [2013/02/15 18:49:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/15 18:44:23 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\adwcleaner0.exe
    [2013/02/15 18:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/15 18:27:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/15 18:10:48 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B8C8C92-2F64-470D-88ED-20EE1683545D}.job
    [2013/02/14 19:29:19 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/13 10:30:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2660266228-3332220392-942532097-1004.job
    [2013/02/13 09:36:48 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 07:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/02/11 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/02/08 11:39:16 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/08 11:39:16 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/05 12:27:15 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
    [2013/01/25 22:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/15 18:44:23 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\adwcleaner0.exe
    [2013/02/12 19:37:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2013/02/11 10:11:14 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
    [2013/02/05 12:27:15 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
    [2013/01/05 18:44:19 | 000,038,492 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/11/12 18:29:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2012/07/26 14:10:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2012/02/14 19:40:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/28 03:33:16 | 004,150,675 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2660266228-3332220392-942532097-1004-0.dat
    [2011/12/28 03:33:07 | 000,246,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/12/27 15:16:05 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2011/07/30 09:01:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dzegijehulali.dat
    [2011/07/30 09:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jwiyeje.bin
    [2011/05/26 13:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/12 15:25:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
    [2011/04/12 15:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2011/04/07 23:12:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/15 22:05:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\housecall.guid.cache
    [2010/12/05 01:31:57 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/08/12 12:57:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/08/13 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
    [2013/02/11 09:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\18213
    [2013/02/05 11:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/07/11 10:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/08/13 12:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2011/01/16 15:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2012/02/05 10:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fixie
    [2010/12/04 17:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2010/12/04 17:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2013/02/12 19:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
    [2013/01/06 10:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lphant
    [2010/12/16 14:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medtronic
    [2011/05/24 10:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
    [2010/12/18 16:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/12/10 01:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
    [2011/04/26 14:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2013/02/12 19:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
    [2011/02/26 12:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2013/02/13 09:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
    [2013/02/05 18:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
    [2010/12/14 02:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/01/06 10:40:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A75C1176-8D6E-4B20-921A-46FD23436A86}
    [2010/08/13 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ESET
    [2013/02/05 12:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Amazon
    [2013/02/09 19:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Audacity
    [2012/12/25 10:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\avidemux
    [2011/04/08 00:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\B967B65CD94C23DB6C23F14546166AC9
    [2013/02/13 10:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ElevatedDiagnostics
    [2010/08/13 12:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ESET
    [2011/02/11 13:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\f-secure
    [2012/02/05 10:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Fixie
    [2013/02/11 10:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\FreeAudioPack
    [2012/02/05 10:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\FxDrCl
    [2011/09/20 15:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\GameHouse
    [2013/02/12 19:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Leawo
    [2010/12/15 13:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Millennia
    [2012/03/23 10:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Netscape
    [2012/11/16 14:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Nuance
    [2010/12/13 14:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\OpenOffice.org
    [2012/12/23 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Sony
    [2013/02/12 19:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Strongvault
    [2012/11/17 10:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\SystemRequirementsLab
    [2013/02/05 19:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\TechSmith
    [2013/02/12 19:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\tiger-k
    [2011/02/26 12:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\TomTom
    [2011/11/22 18:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Unity
    [2013/02/12 19:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Video DVD Maker FREE
    [2012/11/16 14:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Zeon

    ========== Purity Check ==========



    < End of report >


    OTL Extras logfile created on: 2/15/2013 7:01:02 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Larry\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.25% Memory free
    3.33 Gb Paging File | 2.91 Gb Available in Paging File | 87.44% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 39.37 Gb Free Space | 52.82% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 14.89 Gb Total Space | 2.37 Gb Free Space | 15.94% Space Free | Partition Type: FAT32

    Computer Name: VMACHINE | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
    "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
    "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
    "C:\Program Files\Lphant Applications\Lphant\Lphant.exe" = C:\Program Files\Lphant Applications\Lphant\Lphant.exe:*:Enabled:Lphant -- (Discordia, LTD)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan
    "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Legacy\FamilySearch\LegacyFS.exe" = C:\Legacy\FamilySearch\LegacyFS.exe:*:Enabled:LegacyFS
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
    "C:\Program Files\Lphant Applications\Lphant\Lphant.exe" = C:\Program Files\Lphant Applications\Lphant\Lphant.exe:*:Enabled:Lphant -- (Discordia, LTD)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
    "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4879FAF-1A81-4189-91FB-9D2109EB49B4}" = MovieTracer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C97F54CA-C6C6-4155-8D2D-9C53947AB56D}" = Lphant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
    "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J265W
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "ffdshow" = ffdshow (remove only)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "IncrediMail" = IncrediMail 2.0
    "Lphant" = Lphant
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Photodex Presenter" = Photodex Presenter
    "ProShow Gold" = ProShow Gold
    "The Weather Channel App" = The Weather Channel App
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/14/2013 5:43:59 PM | Computer Name = VMACHINE | Source = Application Hang | ID = 1001
    Description = Fault bucket 28122037.

    Error - 2/14/2013 7:44:33 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 7:45:03 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 7:45:44 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 7:46:56 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 7:47:18 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 7:48:00 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 7:49:18 PM | Computer Name = VMACHINE | Source = PDH | ID = 2011
    Description =

    Error - 2/14/2013 8:27:00 PM | Computer Name = VMACHINE | Source = Application Error | ID = 1000
    Description = Faulting application proshow.exe, version 0.0.0.0, faulting module
    all.dnt, version 0.0.0.0, fault address 0x008b9393.

    Error - 2/15/2013 5:53:17 PM | Computer Name = VMACHINE | Source = Application Error | ID = 1000
    Description = Faulting application proshow.exe, version 0.0.0.0, faulting module
    all.dnt, version 0.0.0.0, fault address 0x008b9484.

    [ System Events ]
    Error - 2/5/2013 1:29:28 PM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7000
    Description = The Zune Bus Enumerator Driver service failed to start due to the
    following error: %%2

    Error - 2/5/2013 1:29:28 PM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    szkg5 szkgfs

    Error - 2/13/2013 10:37:28 AM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7000
    Description = The Zune Bus Enumerator Driver service failed to start due to the
    following error: %%2

    Error - 2/13/2013 10:38:57 AM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    szkg5 szkgfs

    Error - 2/13/2013 12:21:20 PM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7016
    Description = The BrSplService service has reported an invalid current state 0.

    Error - 2/13/2013 4:02:41 PM | Computer Name = VMACHINE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/13/2013 4:05:43 PM | Computer Name = VMACHINE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/13/2013 4:05:48 PM | Computer Name = VMACHINE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/15/2013 7:50:20 PM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7000
    Description = The Zune Bus Enumerator Driver service failed to start due to the
    following error: %%2

    Error - 2/15/2013 7:50:20 PM | Computer Name = VMACHINE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    szkg5 szkgfs


    < End of report >

    Hope these help. Larry
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Re-Run [IMG] by double left click, Vista and Windows 7 users accept UAC alert.
    • Under the [​IMG] box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

      Code:
      :OTL
      MOD - [2013/01/29 09:25:27 | 000,072,256 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
      MOD - [2013/01/29 09:25:25 | 000,268,864 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
      MOD - [2013/01/29 09:25:25 | 000,133,696 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
      MOD - [2013/01/29 09:25:25 | 000,080,448 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
      MOD - [2013/01/29 09:25:25 | 000,033,272 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
      MOD - [2013/01/15 19:14:34 | 000,009,216 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Metadata.dll
      MOD - [2013/01/15 19:14:34 | 000,006,144 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Helpers.dll
      MOD - [2013/01/15 19:14:30 | 000,009,728 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Environment.Identification.dll
      MOD - [2012/12/27 16:40:24 | 000,109,040 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
      DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      [2012/10/14 17:51:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/10/14 17:51:35 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
      O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [Messenger] C:\Program Files\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
      O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
      O33 - MountPoints2\{e489361c-ff54-11df-ba22-000d096226d9}\Shell\AutoRun\command - "" = setupSNK.exe
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2013/02/15 18:49:52 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\zkrz.job
      [2013/02/11 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
      [2011/07/30 09:01:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dzegijehulali.dat
      [2011/07/30 09:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jwiyeje.bin
      [2010/12/04 17:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
      [2013/02/12 19:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Strongvault
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "C:\Program Files\IncrediMail\Bin\IncMail.exe" =- 
      "C:\Program Files\IncrediMail\Bin\ImApp.exe" =- 
      "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" =-
      "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" =-
      :Files
      ipconfig /flushdns /c
      C:\Program Files\iMesh Applications
      C:\Program Files\IncrediMail
      C:\Program Files\Strongvault Online Backup
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      [Resethosts]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those logs, and also give an update on current issues/concerns.

    Kevin
     
  6. pokey2

    pokey2 Thread Starter

    Joined:
    Jan 24, 2008
    Messages:
    90
    See below the new logs requested. Larry

    All processes killed
    ========== OTL ==========
    Service zumbus stopped successfully!
    Service zumbus deleted successfully!
    File system32\DRIVERS\zumbus.sys not found.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service szkgfs stopped successfully!
    Service szkgfs deleted successfully!
    File system32\drivers\szkgfs.sys not found.
    Service szkg5 stopped successfully!
    Service szkg5 deleted successfully!
    File system32\DRIVERS\szkg.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service is3srv stopped successfully!
    Service is3srv deleted successfully!
    File system32\drivers\is3srv.sys not found.
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Windows\CurrentVersion\Run\\IncrediMail deleted successfully.
    C:\Program Files\IncrediMail\Bin\IncMail.exe moved successfully.
    Registry value HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger deleted successfully.
    C:\Program Files\Strongvault Online Backup\ClientMessenger.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e489361c-ff54-11df-ba22-000d096226d9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e489361c-ff54-11df-ba22-000d096226d9}\ not found.
    File setupSNK.exe not found.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\tasks\zkrz.job moved successfully.
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
    C:\WINDOWS\Dzegijehulali.dat moved successfully.
    C:\WINDOWS\Jwiyeje.bin moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Welcome\HomePage\images\english folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Welcome\HomePage\images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Welcome\HomePage folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SW folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Sound folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Skin folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Notifier folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Letter folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Image folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\GoldGallery folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Gold folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Emoticon folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\Swedish.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\spanish.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\russian folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\Portuguese.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\Italian.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\German.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\French.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\English.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard\Dutch.unloaded folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Ecard folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\ContentPack folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData\Animation folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\SetupData folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\ProtectionCenter folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{FF249D89-5CD7-40B5-BB82-D081E65EE1C3} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{FEE9B36E-2CFB-4537-829B-50DEC559E875} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{FBFACA01-2994-457B-B3A8-4F92759BA3A2} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{FAAE75FC-3CA5-4800-ADA3-9BCF887DFA53} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{F9752AC4-9B3F-435D-A942-012F1FC997C7} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{EE546098-5A39-4870-9678-82BC9220D213} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{EC1A3858-E483-4D91-AA28-B62F09ADF75C} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{E984453A-44FD-48E6-880D-73AF61F1BE53} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{E7377AFF-D892-4EE3-AA61-06D7434B40D3} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{E61E0414-2E23-433E-B6ED-68AE02DF85AE} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{E3E4EDD2-55B5-4764-9DEC-A84EDE963EF8} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{DB4CA8A9-279C-44F0-AE35-79CFECC1ED42} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{D9399675-900F-489B-AA91-4B69567999E5} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{D8AEC21F-E3BA-4EFA-A66B-A2657623BEB8} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{D820E2E9-452D-4CE8-83D4-FC32D8EC0295} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{D766A57D-EDC0-4A5D-99D5-040CECA4243A} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{D73E2035-9FD9-4F48-8FA3-5C829439EFC8} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{D519E5CB-392E-41DA-9317-E908F12C3241} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{C531BFEE-8994-47DD-9687-DA13DE38F0C9} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{C1EA2691-0130-49E4-8EA4-F8966B892393} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{BF00389C-CC6F-4B99-B473-A2BD4882947E} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{BE4E2255-3827-47D8-900C-C02E960D2361} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{B67DDF5A-3B6B-4E0B-98E5-9CA9AB65EF28} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{B39A875C-9E5B-4C1A-9137-F4C46DBE2A32} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{B24EA274-F645-4A7B-8463-2E799E23CD27} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{B18CEA45-08C4-44F4-B079-EB9FD8D3C66E} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{A9272F22-D0C1-4E0B-8DD9-B2C55B88E7FC} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{A28880ED-C6CD-4467-A340-DCC48941B640} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{A0953278-741A-43F6-92C9-A9B147CA691A} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{9FD9F8A0-06BE-4F26-92EC-89E5B047FA2E} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{9C88AB9F-936E-479D-B4A6-6AC386700312} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{96E130A0-8F5D-4CEF-9D6E-893CC709D5CD} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{95513B5D-7E7F-4963-82D9-5709E57F7908} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{9112AEE4-04D0-49A1-B794-852585702461} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{90DD0D61-009F-4805-A714-956C0B2F51EF} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{8C0C3CD8-25E3-41C6-92D0-56A3FF5ED2E1} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{8A1EA157-6F51-414B-B83B-CEC4B010D6E2} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{85364EFF-D52B-4266-BBFB-C27C03C62B56} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{8433493E-6DAA-42E1-949D-5CEDD29EEE81} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{7EED807D-ABE5-482C-87CC-0A610B5AD14D} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{7E2E1AFB-85DC-4716-92BF-981E483A4706} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{7D44BD65-D99A-4248-9981-6367C9910A5F} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{7BF844DF-6225-4800-9DED-87A359D3BD01} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{7532F775-18B4-4518-BAB8-7BA07A8B966F} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{7388F73B-495E-4037-B5B2-10DBF7F20012} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{649B7494-1829-481E-9063-EC63E8B4DE74} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{5F5071A6-74A5-4E9A-8592-255121BEAB1D} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{5F361939-467F-448E-B99B-04929AB31F16} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{5E2291A7-EE52-4655-AEBE-45E91FB16A64} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{5BD9DB75-E1F5-4659-A79B-DC5D6C7899D0} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{595CB421-00D3-4E28-996B-11DFBBD68346} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{58F47CA4-34B8-44CE-A79A-9073E55164D9} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{5801CC77-1E03-44F9-AF1E-DA0D5AD9231A} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{578BC8DD-3211-423B-AD26-39F907B1BE62} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{54B87B0C-3BC4-4CAE-94E7-4A917E65C9B6} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{4F14A10F-A49D-4D90-8EFC-750E2DE542C5} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{4C448A7E-528C-4DC9-9F5A-132DBBB5BAE4} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{4AE8FF68-2CE6-419B-BE74-A70EEB12AF27} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{47E48499-939C-497C-9F67-9AFB489E214B} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{46BE39D0-31AA-49F2-BC4E-77A71B2568B4} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{44A7185B-21E9-463C-8B7A-AAF720497BAC} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{43E0895E-1896-445D-B8D1-4BF2667F5439} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{40C815FD-5C64-4E20-8ED1-0F2D1BF4706C} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{3DDAE38B-6A10-4070-9671-DA595F8A9C18} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{3BDC7D91-1C7D-471E-B6C6-A3510E0E79E6} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{3AEF0E06-B06D-44B9-A019-0A6C317C979D} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{35180BF0-14A8-4DF2-97A9-1892D2FF46F1} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{34B4B5E4-6EFD-4C33-8F14-ADB675C31F49} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{2E8A33E4-B57B-4F09-9BC1-8C5AB6CB5223} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{2B89B57D-8B42-474B-9A46-D5424878E4BF} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{2AAFE8D5-FB97-4798-BE6C-823BE84F22ED} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{2A53D07B-D668-4656-9D1E-C9862E7E8DB8} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{2A3F5A21-8665-4DBD-9BD2-7A88A001E4BD} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{2717B5A6-84A9-410A-8A42-CE27CB779CCD} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{25E53664-29F4-4705-91D4-62F10E642451} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{251A17B1-A3C8-4D3A-A7D8-8263B3F384EF} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{23E41B8B-DDDE-4FC5-90E0-D309639FA056} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{1E9E5D28-DF38-4A3E-BD93-16143B6D5161} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{1D63DEA0-1C10-4705-81EE-86BA1C9445C1} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{194AFDE0-4FFA-46E2-AD4C-56213B86EB24} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{1947E5E1-F1D7-4E50-9FC6-0B9D8A279E8D} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{18808474-BF2B-4501-AE58-22914203D66C} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{132C7AA8-241D-49C7-B908-8223AA880F6A} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{1190927C-0CA1-498D-812F-21A32E20C88B} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{109056AE-5DE4-4EAE-91CB-6BB390A09A59} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{0CAA856A-58A6-4A9F-90B2-555C261B3F49} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{0C14A18B-C2AC-4669-86E4-B9E73BE84718} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{0B248F59-5C20-4DA8-8942-60C29CAE8140} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{09D2DBAB-C227-41D1-BAA0-7DF27CF733F2} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{07C4D36C-62D4-4D4B-8D8B-D1CF14BAFC7E} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{0764C0CC-7A86-4765-B0B6-9CA2A93F06E7} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures\{01196CF3-A97E-4CAB-AB87-D6F3A48D6AD0} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Pictures folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Licenses folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Lex folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\Skin folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\LSamples folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\ISamples\Tile Papers folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\ISamples\Tile Gradients folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\ISamples\Tile General folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\ISamples\Tile Elegant folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator\ISamples folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\LetterCreator folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\JunkPreview folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Index folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\949 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\948 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\947 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\946 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\945\Images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\945 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\944\Images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\944 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\943\Images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\943 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\942 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\941\Images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\941 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\936 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\935 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\934_935_Common folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\934 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\933\gettingstarted folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\933 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\932\noMystartDialog\english folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\932\noMystartDialog folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\932 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\931\DeluxeThankYouDialog\english folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\931\DeluxeThankYouDialog folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\931 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\930\images\english folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\930\images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\930 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\929 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\928 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\927 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\926 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\925 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\924 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\923 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\922 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\921 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\920 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\919 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\918 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\917 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\916 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\915 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\913\images\english folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\913\images folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA}\913 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys\{781B9B29-76A7-423f-A038-5BB34D4F48FA} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\IMSys folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Facebook folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\EmoticonsAC folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\EmoticonCenter folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\DomainsFavicons folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Default Identity\Lex folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Default Identity\Icons folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons\QuickBar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Default Identity\EmoticonCenter\MyEmoticons folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Default Identity\EmoticonCenter folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Default Identity folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Chummycons folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail\Data folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IncrediMail folder moved successfully.
    C:\Documents and Settings\Larry\Application Data\Strongvault\Strongvault Online Backup folder moved successfully.
    C:\Documents and Settings\Larry\Application Data\Strongvault folder moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Documents and Settings\Larry\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Larry\Desktop\cmd.txt deleted successfully.
    File\Folder C:\Program Files\iMesh Applications not found.
    C:\Program Files\IncrediMail\Bin\sample images folder moved successfully.
    C:\Program Files\IncrediMail\Bin\resources folder moved successfully.
    C:\Program Files\IncrediMail\Bin\assets\flickr folder moved successfully.
    C:\Program Files\IncrediMail\Bin\assets folder moved successfully.
    C:\Program Files\IncrediMail\Bin\AE folder moved successfully.
    C:\Program Files\IncrediMail\Bin folder moved successfully.
    C:\Program Files\IncrediMail folder moved successfully.
    C:\Program Files\Strongvault Online Backup folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Larry
    ->Temp folder emptied: 40271137 bytes
    ->Temporary Internet Files folder emptied: 21823022 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 337817280 bytes
    ->Flash cache emptied: 7332 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 7946642 bytes
    ->Flash cache emptied: 50443 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 7586998 bytes
    ->Flash cache emptied: 11779 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 205761032 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 593.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret <[Resethosts> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 02162013_094144

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.16.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Larry :: VMACHINE [administrator]

    2/16/2013 10:01:01 AM
    mbam-log-2013-02-16 (10-01-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223468
    Time elapsed: 4 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Results of screen317's Security Check version 0.99.57
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player 11.5.502.149
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox (18.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 7%
    ````````````````````End of Log``````````````````````


    Strongvault is no longer in my programs directory, and is no longer in my system tray. Should I notice any difference in how the PC operates? Larry
    Hope this helps
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yes there should be an improvement. OK do the following:

    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Language.
    Step 3 - Select latest version.

    Untick the option for McAfee security scanner if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Add/Remove Programs to make certain there are no old versions of Java still installed, if so - remove them.

    Next,

    Double click on OTL to run it again. Make sure all other windows are closed and to let it run uninterrupted.
    When the main interface opens change the Standard Registry box to All
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

    Let me know if the updates are successful, post the fresh log from OTL. Give an update on how your system is responding, also if any remaining issues or concerns...

    Kevin
     
  8. pokey2

    pokey2 Thread Starter

    Joined:
    Jan 24, 2008
    Messages:
    90
    Here is the latest old log file. Updates were successful. My other concern is all the Microsoft programs in Add & Remove Programs. Can I remove them without issues? Some of the programs are Microsoft .NET Framework (several), Microsoft Visual C++ (several) and MSXML (several).


    OTL logfile created on: 2/16/2013 12:26:30 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Larry\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.57% Memory free
    3.33 Gb Paging File | 2.89 Gb Available in Paging File | 86.63% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 39.31 Gb Free Space | 52.75% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: VMACHINE | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/16 12:07:09 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/02/16 11:38:39 | 000,367,016 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
    PRC - [2013/02/16 11:38:39 | 000,264,616 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    PRC - [2013/02/15 18:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
    PRC - [2013/02/05 12:27:02 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    PRC - [2013/02/03 10:09:24 | 013,102,080 | ---- | M] (The Weather Channel) -- C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/16 11:38:41 | 000,072,104 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
    MOD - [2013/02/16 11:38:40 | 000,268,712 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
    MOD - [2013/02/16 11:38:40 | 000,133,544 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
    MOD - [2013/02/16 11:38:40 | 000,080,296 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
    MOD - [2013/02/16 11:38:40 | 000,033,128 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
    MOD - [2013/02/16 03:46:18 | 002,060,288 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13021600\algo.dll
    MOD - [2013/02/13 12:02:14 | 001,879,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\d4fd7d6dfb7fc7e8a3520ae915eb0a9d\System.Deployment.ni.dll
    MOD - [2013/02/13 09:22:20 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
    MOD - [2013/02/05 12:27:02 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    MOD - [2013/01/23 16:17:12 | 000,108,888 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
    MOD - [2013/01/09 03:33:33 | 018,054,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll
    MOD - [2013/01/09 03:29:03 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
    MOD - [2013/01/09 03:29:03 | 000,188,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\31c6d1aba484bf4da8cb1c2f84e65546\System.Windows.Input.Manipulations.ni.dll
    MOD - [2013/01/09 03:29:02 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
    MOD - [2013/01/09 03:28:31 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/09 03:28:26 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/01/09 03:28:24 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll
    MOD - [2013/01/09 03:28:23 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll
    MOD - [2013/01/09 03:28:19 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll
    MOD - [2013/01/09 03:28:18 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
    MOD - [2013/01/09 03:08:36 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
    MOD - [2013/01/09 03:07:53 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
    MOD - [2013/01/09 03:07:48 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
    MOD - [2013/01/09 03:07:45 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\471ffd2d91c4e06f89c84c93cfeddedf\PresentationFramework.Classic.ni.dll
    MOD - [2013/01/09 03:07:27 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
    MOD - [2013/01/09 03:07:13 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
    MOD - [2013/01/09 03:07:11 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
    MOD - [2013/01/09 03:07:09 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
    MOD - [2013/01/09 03:06:59 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
    MOD - [2013/01/09 03:06:44 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll


    ========== Services (SafeList) ==========

    SRV - [2013/02/16 12:07:09 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/08 11:39:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/06 15:50:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/02/05 12:27:02 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/01/25 10:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2010/12/16 14:14:01 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2010/01/29 04:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation
    ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2009/03/24 04:25:00 | 000,966,912 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
    DRV - [2008/12/10 12:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/08/07 17:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
    DRV - [2008/06/17 18:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{32508879-2119-4D0A-B5EF-F80C0BA237C6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_en
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.charter.net/"
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/04 19:15:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{720096CD-5FB4-486D-A0C6-CB00508A2D77}: C:\Documents and Settings\Larry\Local Settings\Application Data\{720096CD-5FB4-486D-A0C6-CB00508A2D77} [2011/07/30 09:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/07 14:07:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:50:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/16 12:07:32 | 000,000,000 | ---D | M]

    [2013/02/13 09:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
    [2011/02/26 12:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions\[email protected]
    [2013/02/13 10:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\u72wne48.default-1353340976468\extensions
    [2013/02/13 09:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/06 15:50:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/11/07 14:07:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/12/04 19:15:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2013/02/06 15:50:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/12/18 14:08:32 | 000,209,112 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2012/10/14 17:51:35 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2013/01/11 10:13:20 | 000,001,453 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2013/01/11 10:13:20 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2012/10/14 17:51:35 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

    ========== Chrome ==========


    Hosts file not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DW7] C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360267042484 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2090FB9A-AF35-496D-84AE-18812705D7FC}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/10 10:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/16 12:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/02/16 12:07:32 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/02/16 12:07:32 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/02/16 12:07:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/16 12:07:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/16 12:07:24 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/16 12:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2013/02/16 12:05:49 | 000,896,928 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Larry\Desktop\jxpiinstall.exe
    [2013/02/16 11:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
    [2013/02/16 11:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail
    [2013/02/16 11:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2013/02/16 09:41:44 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/15 18:54:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
    [2013/02/13 16:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
    [2013/02/13 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
    [2013/02/12 19:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\tiger-k
    [2013/02/12 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\Leawo
    [2013/02/12 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\Leawo
    [2013/02/12 19:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leawo
    [2013/02/12 19:27:16 | 000,000,000 | ---D | C] -- C:\videodvdmaker
    [2013/02/12 19:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\Video DVD Maker FREE
    [2013/02/12 19:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Strongvault
    [2013/02/12 19:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2013/02/12 19:23:43 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/12 19:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Updater21804
    [2013/02/11 10:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wincert
    [2013/02/11 10:11:14 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
    [2013/02/11 10:11:14 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
    [2013/02/11 10:11:14 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
    [2013/02/11 10:11:14 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
    [2013/02/11 10:11:13 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
    [2013/02/11 10:11:13 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
    [2013/02/11 10:11:13 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
    [2013/02/11 10:11:12 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
    [2013/02/11 10:11:12 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
    [2013/02/11 10:11:12 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
    [2013/02/11 10:11:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
    [2013/02/11 10:11:12 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
    [2013/02/11 10:11:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
    [2013/02/11 10:11:11 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
    [2013/02/11 10:11:11 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
    [2013/02/11 10:11:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
    [2013/02/11 10:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\FreeAudioPack
    [2013/02/11 09:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\18213
    [2013/02/06 15:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/05 19:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\TechSmith
    [2013/02/05 19:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\TechSmith
    [2013/02/05 18:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wondershare
    [2013/02/05 18:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\Wondershare
    [2013/02/05 12:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProShow Gold
    [2013/02/05 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
    [2013/02/05 12:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex

    ========== Files - Modified Within 30 Days ==========

    [2013/02/16 12:27:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/16 12:07:12 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/16 12:07:08 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/02/16 12:07:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/16 12:07:08 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/02/16 12:07:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/02/16 12:07:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/02/16 12:07:07 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/16 12:05:49 | 000,896,928 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Larry\Desktop\jxpiinstall.exe
    [2013/02/16 11:46:24 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2013/02/16 11:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/16 11:39:03 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
    [2013/02/16 11:39:02 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
    [2013/02/16 11:37:43 | 000,491,784 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\incredimail_install.exe
    [2013/02/16 10:07:13 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\SecurityCheck.exe
    [2013/02/16 09:51:19 | 000,545,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/16 09:51:19 | 000,098,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/16 09:47:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/16 09:47:29 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/02/16 09:47:26 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/16 09:46:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/16 09:46:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2660266228-3332220392-942532097-1004.job
    [2013/02/16 09:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/16 02:23:29 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B8C8C92-2F64-470D-88ED-20EE1683545D}.job
    [2013/02/15 18:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.com
    [2013/02/15 18:44:23 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\adwcleaner0.exe
    [2013/02/14 19:29:19 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/13 10:30:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2660266228-3332220392-942532097-1004.job
    [2013/02/13 09:36:48 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 07:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/02/08 11:39:16 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/08 11:39:16 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/05 12:27:15 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
    [2013/01/25 22:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

    ========== Files Created - No Company Name ==========

    [2013/02/16 11:46:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/02/16 11:46:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2013/02/16 11:39:03 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
    [2013/02/16 11:39:02 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
    [2013/02/16 11:39:02 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
    [2013/02/16 11:37:42 | 000,491,784 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\incredimail_install.exe
    [2013/02/16 10:07:12 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\SecurityCheck.exe
    [2013/02/15 18:44:23 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\adwcleaner0.exe
    [2013/02/12 19:37:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2013/02/11 10:11:14 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
    [2013/02/05 12:27:15 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ProShow Gold.lnk
    [2013/01/05 18:44:19 | 000,038,492 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/11/12 18:29:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2012/07/26 14:10:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2012/02/14 19:40:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/28 03:33:16 | 004,150,675 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2660266228-3332220392-942532097-1004-0.dat
    [2011/12/28 03:33:07 | 000,246,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/12/27 15:16:05 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2011/05/26 13:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/12 15:25:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
    [2011/04/12 15:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2011/04/07 23:12:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/15 22:05:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\housecall.guid.cache
    [2010/12/05 01:31:57 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/08/12 12:57:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.
    • Under the box at the bottom, paste in the following, start with and include the colon plus OTL, i.e. :OTL

      Code:
      :OTL
      PRC - [2013/02/16 11:38:39 | 000,367,016 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
      PRC - [2013/02/16 11:38:39 | 000,264,616 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
      MOD - [2013/02/16 11:38:41 | 000,072,104 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\wlessfp1.dll
      MOD - [2013/02/16 11:38:40 | 000,268,712 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImLookExU.dll
      MOD - [2013/02/16 11:38:40 | 000,133,544 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
      MOD - [2013/02/16 11:38:40 | 000,080,296 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\ImAppRU.dll
      MOD - [2013/02/16 11:38:40 | 000,033,128 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
      MOD - [2013/01/23 16:17:12 | 000,108,888 | ---- | M] () -- C:\Program Files\IncrediMail\Bin\PMC.dll
      [2012/10/14 17:51:35 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
      [2013/01/11 10:13:20 | 000,001,453 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
      [2013/01/11 10:13:20 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
      [2012/10/14 17:51:35 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      :Files
      C:\Documents and Settings\All Users\Application Data\McAfee
      C:\Program Files\IncrediMail
      C:\Documents and Settings\Larry\Local Settings\Application Data\Strongvault
      C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
      C:\Documents and Settings\Larry\Desktop\incredimail_install.exe
      :Commands
      [emptytemp]
      [ClearAllRestorePoints]
      
    • Then click the button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    The Hosts file appears to be missing or corrupt, follow the instructions here http://support.microsoft.com/kb/972034 to fix that issue.

    The files you mention in the Add/Remove Programs are OK and should be left alone. Post log from OTL fix, also let me know if there are any remaining issues...

    Kevin
     
  10. pokey2

    pokey2 Thread Starter

    Joined:
    Jan 24, 2008
    Messages:
    90
    What do I do with the moved files? My email client is in there?

    All processes killed
    ========== OTL ==========
    No active process named IncMail.exe was found!
    No active process named ImApp.exe was found!
    C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\google.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common\jxpiinstall folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\Common folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.
    C:\Program Files\IncrediMail\Bin\sample images folder moved successfully.
    C:\Program Files\IncrediMail\Bin\resources folder moved successfully.
    C:\Program Files\IncrediMail\Bin\assets\flickr folder moved successfully.
    C:\Program Files\IncrediMail\Bin\assets folder moved successfully.
    C:\Program Files\IncrediMail\Bin\AE folder moved successfully.
    C:\Program Files\IncrediMail\Bin folder moved successfully.
    C:\Program Files\IncrediMail folder moved successfully.
    C:\Documents and Settings\Larry\Local Settings\Application Data\Strongvault folder moved successfully.
    File\Folder C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk not found.
    File\Folder C:\Documents and Settings\Larry\Desktop\incredimail_install.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Larry
    ->Temp folder emptied: 4766015 bytes
    ->Temporary Internet Files folder emptied: 1571746 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 236003024 bytes
    ->Flash cache emptied: 2552 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 231.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 02162013_200102

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Incredimail can be problematic at best, and the vast majority of email clients will separate the Incredimail graphics from the email, delivering it as plain text with the graphics attached as files, so the recipient never gets to see the whole thing unless also using Incredimail.
    I see many systems using that application that are flooded with unwanted adware like we've just seen on yours. If you want to keep your system clean I recommend that you avoid Incredimail. I'm not saying that Incredimail is at fault, but the coincidence is very suspicious...

    My advice is NOT to install it.. leave it off your system. Let me know your thoughts..
     
  12. pokey2

    pokey2 Thread Starter

    Joined:
    Jan 24, 2008
    Messages:
    90
    You're the expert, I'll do what you recommend. Is there a safe email program? Larry. And thank you very much for all your help!!!
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    How is your system responding now, are there any remaining issues or concerns?

    Next,

    • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then click the big button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted.

    Next,

    Regarding Email, I use Thunderbird. I also use Yahoo and run it through Thunderbird, never had any problems. Have a read here: http://www.mozilla.org/en-GB/thunderbird/

    Kevin
     
  14. pokey2

    pokey2 Thread Starter

    Joined:
    Jan 24, 2008
    Messages:
    90
    My last concern is, can I remove the moved file folders? I have 2 of them. System seems to be responding good. I am still having a problem with Proshow from Photodex, with it freezing up on me, but I think it might be an issue with a lack of RAM. Larry
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Where are the moved file folders located? They should normally be here: C:\_OTL\MovedFiles, and should have been removed when OTC was run...

    Regarding Photodex, maybe worth going to the website of that program and taking advice there, I have no knowledge of that program... Go here: http://kb.photodex.com/

    Kevin....
     
Short URL to this thread: https://techguy.org/1089330