
Windows XP - Bad Image Error

Discussion in 'Virus & Other Malware Removal' started by thadulous, Feb 21, 2013.

  1. thadulous

    thadulous Thread Starter

    I am receiving a host of bad image errors on my computer. Here is an example of one:

    The application or DLL C:\WINDOWS\system32\dbghelp.dll is not a valid Windows image. Please check this against your installation diskette. (Title of message: "TUDefragBACKend32.exe - Bad Image").

    Below are the specs; I would greatly appreciate guidance on how to fix this. Thanks

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2
    Processor Count: 2
    RAM: 1015 Mb
    Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 152625 MB, Free - 68015 MB;
    Motherboard: Hewlett-Packard, 308F
    Antivirus: AVG Anti-Virus Free Edition 2013, Updated: No, On-Demand Scanner: Disabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:02:36 PM, on 2/20/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\syncables\syncables desktop\Syncables.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files\AVG\AVG PC TuneUp\TUMessages.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/102
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ph # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.sg # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.tr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.tw # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ua # bck9
    O1 - Hosts: 216.239.32.20 www.google.de # bck9
    O1 - Hosts: 216.239.32.20 www.google.dk # bck9
    O1 - Hosts: 216.239.32.20 www.google.es # bck9
    O1 - Hosts: 216.239.32.20 www.google.fi # bck9
    O1 - Hosts: 216.239.32.20 www.google.fr # bck9
    O1 - Hosts: 216.239.32.20 www.google.it # bck9
    O1 - Hosts: 216.239.32.20 www.google.lt # bck9
    O1 - Hosts: 216.239.32.20 www.google.lv # bck9
    O1 - Hosts: 216.239.32.20 www.google.nl # bck9
    O1 - Hosts: 216.239.32.20 www.google.pl # bck9
    O1 - Hosts: 216.239.32.20 www.google.pt # bck9
    O1 - Hosts: 216.239.32.20 www.google.ro # bck9
    O1 - Hosts: 216.239.32.20 www.google.ru # bck9
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SRTOOL~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spotify] "C:\Documents and Settings\Owner\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe"
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\SRTOOL~1\Datamngr\datamngr.dll C:\PROGRA~1\SRTOOL~1\Datamngr\IEBHO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    --
    End of file - 16193 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 20:04:34 on 2013-02-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.161 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\syncables\syncables desktop\Syncables.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files\AVG\AVG PC TuneUp\TUMessages.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchnu.com/102
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
    BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - c:\program files\sr toolbar\datamngr\BrowserConnection.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Spotify] "c:\documents and settings\owner\application data\spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Spotify Web Helper] "c:\documents and settings\owner\application data\spotify\data\SpotifyWebHelper.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [DATAMNGR] c:\progra~1\srtool~1\datamngr\DATAMN~1.EXE
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{F7FF8E67-08A0-4AD8-AA1E-F33476B68C26} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\srtool~1\datamngr\datamngr.dll c:\progra~1\srtool~1\datamngr\IEBHO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 216.239.32.20 www.google.ae # bck9
    Hosts: 216.239.32.20 www.google.at # bck9
    Hosts: 216.239.32.20 www.google.be # bck9
    Hosts: 216.239.32.20 www.google.ca # bck9
    Hosts: 216.239.32.20 www.google.ch # bck9
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 33112]
    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-2-13 87312]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2012-2-13 1604880]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-8-24 430136]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-23 113664]
    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-9-23 38912]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-15 40776]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-10-29 160256]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S3 UCORESYS;UCORESYS;c:\docume~1\owner\locals~1\temp\pft8.tmp\UCORESYS.SYS [2008-7-24 15432]
    .
    =============== Created Last 30 ================
    .
    2013-02-20 13:18:32 314 ----a-w- c:\documents and settings\owner\local settings\application data\poetsch.bat
    2013-02-20 04:22:13 32120 ----a-w- c:\windows\system32\TURegOpt.exe
    2013-02-20 04:21:24 -------- d-----w- c:\documents and settings\owner\application data\AVG
    2013-02-20 04:20:40 -------- d-----w- c:\documents and settings\all users\application data\AVG
    2013-02-20 04:20:20 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2013-02-20 02:34:12 -------- d-----w- c:\documents and settings\all users\application data\Wincert
    2013-02-20 02:34:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\jZip
    2013-02-20 02:33:53 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
    2013-02-20 02:33:43 -------- d-----w- c:\program files\SR Toolbar
    2013-02-20 02:03:23 -------- d-----w- c:\documents and settings\owner\application data\SanDisk
    2013-02-15 14:19:19 -------- d-----w- C:\700fd5ca17cb3e9a4a
    2013-02-15 14:00:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    .
    ==================== Find3M ====================
    .
    2013-02-19 14:27:16 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-10 23:10:39 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-10 23:10:39 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 20:06:15.40 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/23/2009 9:55:14 AM
    System Uptime: 2/20/2013 9:30:55 AM (11 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308F
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 64.319 GiB free.
    D: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP264: 11/23/2012 9:49:23 AM - System Checkpoint
    RP265: 11/25/2012 1:10:56 PM - System Checkpoint
    RP266: 11/27/2012 9:46:53 PM - System Checkpoint
    RP267: 12/1/2012 9:31:55 PM - System Checkpoint
    RP268: 12/4/2012 9:09:40 PM - System Checkpoint
    RP269: 12/6/2012 10:19:29 PM - System Checkpoint
    RP270: 12/9/2012 10:10:20 PM - System Checkpoint
    RP271: 12/11/2012 7:29:38 PM - System Checkpoint
    RP272: 12/13/2012 10:49:57 PM - Software Distribution Service 3.0
    RP273: 12/14/2012 10:25:21 AM - Software Distribution Service 3.0
    RP274: 12/16/2012 12:11:25 PM - System Checkpoint
    RP275: 12/17/2012 8:40:23 PM - System Checkpoint
    RP276: 12/25/2012 10:05:45 AM - System Checkpoint
    RP277: 12/26/2012 11:58:05 AM - Software Distribution Service 3.0
    RP278: 12/27/2012 2:30:46 PM - System Checkpoint
    RP279: 12/31/2012 2:52:11 PM - System Checkpoint
    RP280: 1/8/2013 8:34:17 PM - Removed Stamps.com Application Support for Microsoft Word 2000-2010
    RP281: 1/8/2013 9:26:34 PM - Software Distribution Service 3.0
    RP282: 1/9/2013 7:50:01 PM - Software Distribution Service 3.0
    RP283: 1/9/2013 9:05:28 PM - Software Distribution Service 3.0
    RP284: 1/10/2013 7:16:18 PM - Software Distribution Service 3.0
    RP285: 1/20/2013 1:17:10 PM - Software Distribution Service 3.0
    RP286: 1/21/2013 1:51:27 PM - System Checkpoint
    RP287: 1/23/2013 9:53:37 PM - System Checkpoint
    RP288: 2/1/2013 11:17:55 AM - System Checkpoint
    RP289: 2/3/2013 12:49:22 PM - System Checkpoint
    RP290: 2/10/2013 7:01:49 PM - System Checkpoint
    RP291: 2/13/2013 8:37:56 PM - System Checkpoint
    RP292: 2/13/2013 11:49:27 PM - Software Distribution Service 3.0
    RP293: 2/15/2013 8:53:14 AM - Software Distribution Service 3.0
    RP294: 2/17/2013 12:47:11 PM - Software Distribution Service 3.0
    RP295: 2/17/2013 11:08:11 PM - Software Distribution Service 3.0
    RP296: 2/19/2013 9:30:17 AM - Software Distribution Service 3.0
    RP297: 2/19/2013 10:25:16 PM - Software Distribution Service 3.0
    .
    ==== Hosts File Hijack ======================
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  2. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello thadulous, and Welcome to the forum!

    My name is wannabeageek and I'll be helping you with any malware problems.
    I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
    Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. You must have Administrator rights, permissions for this computer.
    3. DO NOT run any other fix or removal tools unless instructed to do so!
    4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
    7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

      Absence of symptoms does not mean that everything is clear.


    I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

    Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

    Please read all instructions carefully before executing and perform the steps, in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

    Because of this, I advise you to back up any personal files and folders before you start.
     
  3. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello thadulous,



    Step 1.
    Junkware Removal Tool

    • Please download and run the following program: JRT.exe
    • Double click on JRT.exe to run it.
    • When the program is finished running, post the log JRT.txt in your next reply.



    Step 2.
    OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.

    1. Double click on OTL.exe to run it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    Please include in your next reply:

    1. Contents of JRT.txt
    2. Contents of OTL.txt
    3. Contents of Extras.txt
    4. Any problem executing the instructions?

    Thanks,
    wbg
     
  4. thadulous

    thadulous Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    33
    I downloaded the JRT.exe but when I clicked on it - I would get 2 bad image errors for the JRT.exe and then another 2 bad image errors for CMD.exe. Did not get any txt file.

    OTL logfile created on: 2/25/2013 11:23:08 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 320.20 Mb Available Physical Memory | 31.54% Memory free
    2.39 Gb Paging File | 1.60 Gb Available in Paging File | 67.15% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 66.53 Gb Free Space | 44.64% Space Free | Partition Type: NTFS
    Drive D: | 14.47 Gb Total Space | 3.45 Gb Free Space | 23.82% Space Free | Partition Type: FAT32

    Computer Name: OWNER-802C021C6 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/25 22:33:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2013/02/19 10:18:39 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    PRC - [2013/02/19 09:27:16 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013/02/19 09:27:16 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013/01/20 03:59:02 | 001,683,456 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SR Toolbar\Datamngr\datamngrUI.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012/09/28 21:12:34 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    PRC - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    PRC - [2012/08/23 11:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
    PRC - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
    PRC - [2012/02/13 14:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    PRC - [2012/01/06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/01/27 16:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2009/04/02 03:51:00 | 000,288,560 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    PRC - [2009/04/02 03:51:00 | 000,173,360 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\Syncables.exe
    PRC - [2009/04/02 03:51:00 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    PRC - [2009/03/29 23:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STTRAY.EXE
    PRC - [2009/03/29 23:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\STACSV.EXE
    PRC - [2009/02/18 00:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/19 09:27:16 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2013/02/19 09:27:16 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    MOD - [2013/02/19 09:27:16 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
    MOD - [2013/02/15 09:00:25 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
    MOD - [2013/01/12 22:39:31 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll
    MOD - [2013/01/12 22:35:16 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
    MOD - [2013/01/10 21:55:10 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
    MOD - [2013/01/10 21:54:19 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\471ffd2d91c4e06f89c84c93cfeddedf\PresentationFramework.Classic.ni.dll
    MOD - [2013/01/10 21:53:33 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
    MOD - [2013/01/10 21:53:14 | 000,739,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\b8cef9be9e5e7e9c533b639c9ef6dfe8\System.Security.ni.dll
    MOD - [2013/01/10 21:52:41 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
    MOD - [2013/01/10 21:52:11 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
    MOD - [2013/01/10 21:50:45 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
    MOD - [2013/01/10 21:50:13 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
    MOD - [2013/01/10 21:49:19 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
    MOD - [2013/01/10 21:48:04 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
    MOD - [2012/10/31 22:26:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    MOD - [2011/01/27 16:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/19 09:27:16 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/02/10 18:10:42 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/02/13 14:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
    SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2009/03/29 23:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/02/19 09:27:16 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2012/07/04 15:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2012/02/13 14:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
    DRV - [2009/09/23 09:12:40 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2009/03/29 23:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/03/18 21:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/03/02 02:03:48 | 000,038,912 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008/11/25 06:44:04 | 000,058,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2008/11/21 07:36:46 | 000,160,256 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV - [2008/07/24 18:16:12 | 000,015,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Temp\pft8.tmp\UCORESYS.SYS -- (UCORESYS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4833128011114030&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/102
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{47E023EE-3FBA-41EB-842A-B541B341C533}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={726B4F1C-4D4D-4FF3-9C29-4E92FE7C3976}&mid=03b26bfa66ab47d19638d16cf5b27fce-d297aae8caec07a2eabe9809d8680de09dfac56a&lang=en&ds=AVG&pr=fr&d=2012-02-07 09:45:07&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=4833128011114030&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 09:27:35 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.naaleh.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.naaleh.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Nanny for Google Chrome (TM) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno\0.993_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.0.1.0_0\
    CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
    CHR - Extension: UserZoom Survey Tool = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\npeidojcmghjibnbnmjloedchcgdkbeo\2.0.13_0\
    CHR - Extension: Google Reader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: RSS Feed Reader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\4.1.6_0\

    O1 HOSTS File: ([2013/02/25 23:10:11 | 000,002,432 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 39 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\SR Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SR Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
    O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7FF8E67-08A0-4AD8-AA1E-F33476B68C26}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~1\SRTOOL~1\Datamngr\datamngr.dll) - C:\Program Files\SR Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SRTOOL~1\Datamngr\IEBHO.dll) - C:\Program Files\SR Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (schannel.dll) - File not found
    O29 - HKLM SecurityProviders - (digest.dll) - File not found
    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/23 08:53:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{cde3356c-63ec-11e2-b7a2-0025b356963d}\Shell - "" = AutoRun
    O33 - MountPoints2\{cde3356c-63ec-11e2-b7a2-0025b356963d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cde3356c-63ec-11e2-b7a2-0025b356963d}\Shell\AutoRun\command - "" = E:\setup.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/25 22:22:03 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/25 22:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
    [2013/02/20 20:04:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2013/02/20 08:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Add-in Express
    [2013/02/19 23:22:13 | 000,032,120 | ---- | C] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
    [2013/02/19 23:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
    [2013/02/19 23:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG
    [2013/02/19 23:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/02/19 23:20:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2013/02/19 21:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wincert
    [2013/02/19 21:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\jZip
    [2013/02/19 21:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2013/02/19 21:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\SR Toolbar
    [2013/02/19 21:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SanDisk
    [2013/02/15 09:19:19 | 000,000,000 | ---D | C] -- C:\700fd5ca17cb3e9a4a
    [2013/02/12 10:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    [2013/02/11 11:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/25 23:38:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{990FDF9F-A530-42E4-91C1-C549B1712AB6}.job
    [2013/02/25 23:37:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F94364F-F556-4DF2-A997-BC3172BED459}.job
    [2013/02/25 23:23:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1292428093-299502267-1003UA.job
    [2013/02/25 23:08:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/25 22:09:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/25 21:56:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/21 10:23:44 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1292428093-299502267-1003Core.job
    [2013/02/20 23:59:12 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
    [2013/02/20 23:37:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2013/02/20 23:37:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2013/02/20 20:04:12 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2013/02/20 09:56:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/02/20 08:18:32 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\poetsch.bat
    [2013/02/20 07:24:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/20 06:41:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/02/19 23:37:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2013/02/19 23:37:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2013/02/19 23:21:59 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
    [2013/02/19 23:21:59 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 1-Click Maintenance.lnk
    [2013/02/19 23:21:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp.lnk
    [2013/02/19 22:36:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2013/02/19 22:36:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2013/02/19 22:23:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2013/02/19 22:23:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2013/02/19 09:27:16 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
    [2013/02/17 23:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2013/02/17 23:07:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2013/02/15 16:38:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2013/02/15 16:38:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2013/02/15 09:23:57 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/15 09:19:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/15 08:57:26 | 000,503,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/15 08:57:26 | 000,088,718 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/13 23:48:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2013/02/13 23:48:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2013/02/13 21:22:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/12 10:31:18 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/02/11 23:10:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2013/02/11 23:10:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2013/02/10 18:10:39 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/10 18:10:39 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/31 10:17:17 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/31 10:13:49 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/20 23:59:12 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
    [2013/02/20 08:18:32 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\poetsch.bat
    [2013/02/19 23:21:59 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
    [2013/02/19 23:21:59 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 1-Click Maintenance.lnk
    [2013/02/19 23:21:59 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp.lnk
    [2013/02/19 23:21:56 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp.lnk
    [2012/10/10 20:24:07 | 000,118,818 | ---- | C] () -- C:\WINDOWS\System32\Dctn.dll
    [2012/09/01 21:15:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
    [2012/08/29 08:24:57 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1292428093-299502267-1007-0.dat
    [2012/06/21 17:20:48 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1292428093-299502267-501-0.dat
    [2012/04/28 21:49:10 | 000,282,733 | ---- | C] () -- C:\WINDOWS\Halacha Brura Uninstaller.exe
    [2012/03/06 10:21:53 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/23 23:45:42 | 000,078,378 | ---- | C] () -- C:\Documents and Settings\Owner\.DLMSave_back.xml
    [2012/02/23 23:45:42 | 000,078,378 | ---- | C] () -- C:\Documents and Settings\Owner\.DLMSave.xml
    [2012/02/23 23:44:44 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\Owner\.Setting.ini
    [2012/02/14 21:55:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/03 12:07:49 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2012/01/17 23:15:30 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1292428093-299502267-1003-0.dat
    [2012/01/16 22:36:07 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/11/24 20:16:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/24 10:24:34 | 000,062,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2002/02/21 05:46:28 | 000,002,602 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/09/23 09:14:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

    < End of report >
    OTL Extras logfile created on: 2/25/2013 11:23:08 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 320.20 Mb Available Physical Memory | 31.54% Memory free
    2.39 Gb Paging File | 1.60 Gb Available in Paging File | 67.15% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 66.53 Gb Free Space | 44.64% Space Free | Partition Type: NTFS
    Drive D: | 14.47 Gb Total Space | 3.45 Gb Free Space | 23.82% Space Free | Partition Type: FAT32

    Computer Name: OWNER-802C021C6 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe" = C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe" = C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light -- (Brother Industries, Ltd.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- ()
    "C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AF9A122-18A5-11D5-85EB-444553540000}" = Gemara
    "{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
    "{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
    "{6FABA483-0BAD-4EFA-9B1C-599CC4F6677D}" = HP User Guides 0139
    "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{918F4F34-2544-4519-9479-9239C8DD69DF}" = syncables desktop
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
    "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.6.2
    "{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin
    "{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.21.0001
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{ED65D5B7-FD18-4E75-AC2A-50C40544D797}" = Brother HL-2170W
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
    "{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "AVG" = AVG 2013
    "AVG PC TuneUp" = AVG PC TuneUp
    "AVG Secure Search" = AVG Security Toolbar
    "Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "eMusic Download Manager 5.0.5" = eMusic Download Manager
    "FormatFactory" = FormatFactory 2.96
    "Halacha Brura" = Halacha Brura
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nike+ Connect" = Nike+ Connect
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "Stamps.com" = Stamps.com
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Master Torah Download" = Master Torah Download

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/21/2013 6:32:21 AM | Computer Name = OWNER-802C021C6 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 2/21/2013 9:38:19 AM | Computer Name = OWNER-802C021C6 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 2/21/2013 9:44:14 AM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    Error - 2/21/2013 10:22:04 AM | Computer Name = OWNER-802C021C6 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 2/21/2013 10:25:58 AM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    Error - 2/21/2013 5:56:34 PM | Computer Name = OWNER-802C021C6 | Source = Userenv | ID = 1512
    Description = Windows cannot unload your registry file. The memory used by the registry
    has not been freed. This is often caused by services running as a user account,
    try configuring the services to run in either the LocalService or NetworkService
    account. If this problem persists, contact your administrator. DETAIL - Insufficient
    system resources exist to complete the requested service.

    Error - 2/25/2013 10:57:18 PM | Computer Name = OWNER-802C021C6 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 2/25/2013 11:11:07 PM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    Error - 2/26/2013 12:10:17 AM | Computer Name = OWNER-802C021C6 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 2/26/2013 12:13:54 AM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    [ System Events ]
    Error - 2/21/2013 9:53:34 AM | Computer Name = OWNER-802C021C6 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/21/2013 10:55:24 AM | Computer Name = OWNER-802C021C6 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/21/2013 12:03:31 PM | Computer Name = OWNER-802C021C6 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/21/2013 12:11:55 PM | Computer Name = OWNER-802C021C6 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/21/2013 12:15:36 PM | Computer Name = OWNER-802C021C6 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/21/2013 12:23:59 PM | Computer Name = OWNER-802C021C6 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 2/21/2013 2:46:37 PM | Computer Name = OWNER-802C021C6 | Source = PlugPlayManager | ID = 12
    Description = The device 'Generic- Multi-Card USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Multi-Card&Rev_1.00\00000)
    disappeared from the system without first being prepared for removal.

    Error - 2/21/2013 2:46:37 PM | Computer Name = OWNER-802C021C6 | Source = PlugPlayManager | ID = 12
    Description = The device 'Generic volume' (STORAGE\RemovableMedia\7&d7f206a&0&RM)
    disappeared from the system without first being prepared for removal.

    Error - 2/21/2013 2:55:55 PM | Computer Name = OWNER-802C021C6 | Source = PlugPlayManager | ID = 12
    Description = The device 'Generic- Multi-Card USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Multi-Card&Rev_1.00\00000)
    disappeared from the system without first being prepared for removal.

    Error - 2/21/2013 2:55:55 PM | Computer Name = OWNER-802C021C6 | Source = PlugPlayManager | ID = 12
    Description = The device 'Generic volume' (STORAGE\RemovableMedia\7&d7f206a&0&RM)
    disappeared from the system without first being prepared for removal.


    < End of report >

    thanks!
     
  5. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello thadulous,

    Please run the following and post the results.


    Step 1.
    Add/Remove Programs
    I need you to uninstall some programs from your computer.

    1. Click Start...then click Run.
    2. In the open text entry box...please copy/paste the following:
      appwiz.cpl
    3. Click the OK...button. It takes a few seconds for the program list to be "populated".
    4. Locate the following program(s):
      Adobe Reader 9.0.1
      Java(TM) 6 Update 29
      Viewpoint Media Player
    5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
      Don't worry if you can not find all programs...some may not have an uninstall feature.
    6. Repeat steps 4 - 5 for each program in the list.
    7. When finished...close/exit Add/Remove Programs.



    Step 2.
    OTL - System Scan/Fix
    Important! Close all applications and windows so that you have nothing open and are at your Desktop

    1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
    2. Under the Standard Registry box change it to All.
    3. Check/tick the boxes beside LOP Check and Purity Check.
    4. Copy the following text... do not include the quote box title "Quote"
    5. Click under the Custom Scan/Fixes box and paste the copied text.
    6. Click the Run Fix button. If prompted... click OK.
    7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    8. Please post the contents of report in your next reply.


    C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


    Step 3.
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2



    • Double-click SystemLook.exe to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Bandoo*
      *Community*
      *Conduit*
      *datamngr*
      *Fun4IM*
      *iLivid*
      *IObit*
      *Iminent*
      *Searchqu*
      *Searchnu*
      *Tarma*
      *trolltech*
      *vshare*
      *whitesmoke*
      *Yontoo*
      
      :folderfind
      *Bandoo*
      *Community*
      *Conduit*
      *datamngr*
      *Fun4IM*
      *iLivid*
      *IObit*
      *Iminent*
      *Searchqu*
      *Searchnu*
      *Tarma*
      *trolltech*
      *vshare*
      *whitesmoke*
      *Yontoo*
      
      :Regfind
      Bandoo
      Community
      Conduit
      datamngr
      Fun4IM
      iLivid
      IObit
      Iminent
      Searchqu
      Searchnu
      Tarma
      trolltech
      vshare
      whitesmoke
      Yontoo
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Please include in your next reply:

    1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    2. Contents of SystemLook.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  6. thadulous

    thadulous Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    33
    Did all the steps. When I restarted I got two bad image errors for Google and I get a problem message for "avgdiagex.exe". Thanks

    All processes killed
    ========== COMMANDS ==========
    System Restore Service not available.
    ========== OTL ==========
    No active process named datamngrUI.exe was found!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    C:\Program Files\SR Toolbar\Datamngr\BrowserConnection.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
    C:\Program Files\SR Toolbar\Datamngr\datamngrUI.exe moved successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SRTOOL~1\Datamngr\datamngr.dll deleted successfully.
    C:\Program Files\SR Toolbar\Datamngr\datamngr.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SRTOOL~1\Datamngr\IEBHO.dll deleted successfully.
    C:\Program Files\SR Toolbar\Datamngr\IEBHO.dll moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC359956 deleted successfully.
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Wincert folder moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\jZip folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\boost_interprocess\485C160FF80ECE01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr\ChromeExtension\lib folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr\ChromeExtension folder moved successfully.
    C:\Program Files\SR Toolbar\Datamngr folder moved successfully.
    C:\Program Files\SR Toolbar folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temporary Internet Files folder emptied: 1151878 bytes

    User: Guest.OWNER-802C021C6
    ->Temp folder emptied: 923875 bytes
    ->Temporary Internet Files folder emptied: 59807153 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 8386651 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1184117 bytes

    User: Owner
    ->Temp folder emptied: 1713121492 bytes
    ->Temporary Internet Files folder emptied: 32244029 bytes
    ->Java cache emptied: 42497905 bytes
    ->Google Chrome cache emptied: 133122238 bytes
    ->Flash cache emptied: 107197 bytes

    User: saadia awsome
    ->Temp folder emptied: 12652747 bytes
    ->Temporary Internet Files folder emptied: 9252291 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 215973126 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2582268 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 216369155 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 428465908 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4293427989 bytes

    Total Files Cleaned = 6,839.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02282013_204920
    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:21 on 28/02/2013 by Owner
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*Bandoo*"
    No files found.
    Searching for "*Community*"
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_community.babycenter.com_0.localstorage --a---- 58368 bytes [03:03 04/07/2012] [01:25 27/07/2012] 29E58AF988A0710EF2FEF560C6533887
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_community.babycenter.com_0.localstorage-journal --a---- 16384 bytes [03:03 04/07/2012] [01:25 27/07/2012] A6D338620AEAA16349EC09739B8F64DC
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\H1HPN5HZ\community.babycenter[1].xml --a---- 6197 bytes [15:53 05/06/2012] [15:56 05/06/2012] 3F437D33C7B48C0B51D738C0E2F510B1
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\S11JH164\www.jewishiphonecommunity[1].xml --a---- 13 bytes [02:08 21/05/2012] [02:08 21/05/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
    Searching for "*Conduit*"
    C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 09/10/2011] [17:44 09/10/2011] B62A4F0A72A9AEA383DA12F7B9FB7E18
    C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [17:57 09/10/2011] [17:57 09/10/2011] AB18CD2A656AE753C30E6276EC3DA0C2
    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\02282013_204920\C_Program Files\SR Toolbar\Datamngr\datamngr.dll --a---- 1540096 bytes [02:34 20/02/2013] [08:59 20/01/2013] 5932E5863CC287D164426391A78F9ECA
    C:\_OTL\MovedFiles\02282013_204920\C_Program Files\SR Toolbar\Datamngr\datamngrUI.exe --a---- 1683456 bytes [02:34 20/02/2013] [08:59 20/01/2013] D4C00173E64C3F947B396C45D065DA6E
    Searching for "*Fun4IM*"
    No files found.
    Searching for "*iLivid*"
    No files found.
    Searching for "*IObit*"
    No files found.
    Searching for "*Iminent*"
    No files found.
    Searching for "*Searchqu*"
    No files found.
    Searching for "*Searchnu*"
    No files found.
    Searching for "*Tarma*"
    No files found.
    Searching for "*trolltech*"
    No files found.
    Searching for "*vshare*"
    No files found.
    Searching for "*whitesmoke*"
    No files found.
    Searching for "*Yontoo*"
    No files found.
    ========== folderfind ==========
    Searching for "*Bandoo*"
    No folders found.
    Searching for "*Community*"
    C:\Program Files\AVG\AVG PC TuneUp\data\CommunityRating d------ [04:21 20/02/2013]
    Searching for "*Conduit*"
    No folders found.
    Searching for "*datamngr*"
    C:\_OTL\MovedFiles\02282013_204920\C_Program Files\SR Toolbar\Datamngr d------ [01:49 01/03/2013]
    Searching for "*Fun4IM*"
    No folders found.
    Searching for "*iLivid*"
    No folders found.
    Searching for "*IObit*"
    No folders found.
    Searching for "*Iminent*"
    No folders found.
    Searching for "*Searchqu*"
    No folders found.
    Searching for "*Searchnu*"
    No folders found.
    Searching for "*Tarma*"
    No folders found.
    Searching for "*trolltech*"
    No folders found.
    Searching for "*vshare*"
    No folders found.
    Searching for "*whitesmoke*"
    No folders found.
    Searching for "*Yontoo*"
    No folders found.
    ========== Regfind ==========
    Searching for "Bandoo"
    No data found.
    Searching for "Community"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\Thadeus]
    "SNMP Community"="public"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\Thadeus]
    "SNMP Community"="public"
    Searching for "Conduit"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
    "A9DE3518A49CE6248908E576570CB826"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
    "A9DE3518A49CE6248908E576570CB826"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
    Searching for "datamngr"
    [HKEY_CURRENT_USER\Software\DataMngr]
    [HKEY_CURRENT_USER\Software\DataMngr]
    "DLLPath"="C:\Program Files\SR Toolbar\Datamngr\datamngr.dll"
    [HKEY_CURRENT_USER\Software\DataMngr]
    "Path"="C:\Program Files\SR Toolbar\Datamngr"
    [HKEY_CURRENT_USER\Software\DataMngr]
    "ShortDllPath"="C:\PROGRA~1\SRTOOL~1\Datamngr\datamngr.dll C:\PROGRA~1\SRTOOL~1\Datamngr\IEBHO.dll"
    [HKEY_CURRENT_USER\Software\DataMngr]
    "UIPath"="C:\Program Files\SR Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE"="Data Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
    @="DataMngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
    @="DataMngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\InprocServer32]
    @="C:\PROGRA~1\SRTOOL~1\Datamngr\SRTOOL~1\searchresultsDx.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32]
    @="C:\PROGRA~1\SRTOOL~1\Datamngr\BROWSE~1.DLL"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR]
    @="C:\PROGRA~1\SRTOOL~1\Datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    "DLLPath"="C:\Program Files\SR Toolbar\Datamngr\datamngr.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    "Path"="C:\Program Files\SR Toolbar\Datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    "ShortDllPath"="C:\PROGRA~1\SRTOOL~1\Datamngr\datamngr.dll C:\PROGRA~1\SRTOOL~1\Datamngr\IEBHO.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    "UIPath"="C:\Program Files\SR Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}]
    "AppPath"="C:\PROGRA~1\SRTOOL~1\Datamngr\SRTOOL~1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\SearchquSRTB]
    "Folder"="C:\Program Files\SR Toolbar\Datamngr\SRToolBar"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr]
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr]
    "DLLPath"="C:\Program Files\SR Toolbar\Datamngr\datamngr.dll"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr]
    "Path"="C:\Program Files\SR Toolbar\Datamngr"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr]
    "ShortDllPath"="C:\PROGRA~1\SRTOOL~1\Datamngr\datamngr.dll C:\PROGRA~1\SRTOOL~1\Datamngr\IEBHO.dll"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr]
    "UIPath"="C:\Program Files\SR Toolbar\Datamngr\datamngrUI.exe"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr_Toolbar]
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE"="Data Manager"
    Searching for "Fun4IM"
    No data found.
    Searching for "iLivid"
    No data found.
    Searching for "IObit"
    No data found.
    Searching for "Iminent"
    No data found.
    Searching for "Searchqu"
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
    "404Url"="http://www.searchqu.com/web?src=404&appid=0&systemid=102&apn_uid=4833128011114030&q="
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
    "404Url"="http://www.searchqu.com/web?src=404&appid=0&systemid=102&apn_uid=4833128011114030&q="
    [HKEY_LOCAL_MACHINE\SOFTWARE\SearchquSRTB]
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\IEBHO]
    "404Url"="http://www.searchqu.com/web?src=404&appid=0&systemid=102&apn_uid=4833128011114030&q="
    Searching for "Searchnu"
    [HKEY_CURRENT_USER\Software\DataMngr\Chrome\Preferences\Homepage]
    "Value"="http://www.searchnu.com/102"
    [HKEY_CURRENT_USER\Software\DataMngr\Chrome\Preferences\StartPages]
    "Value"="http://www.searchnu.com/102"
    [HKEY_CURRENT_USER\Software\DataMngr\Files\ChromeHomepage]
    "Value"="http://www.searchnu.com/102"
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
    "NewTabUrl"="http://www.searchnu.com/102"
    [HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
    "Value"="http://www.searchnu.com/102"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Chrome\Preferences\Homepage]
    "Value"="http://www.searchnu.com/102"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Chrome\Preferences\StartPages]
    "Value"="http://www.searchnu.com/102"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\Files\ChromeHomepage]
    "Value"="http://www.searchnu.com/102"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
    "NewTabUrl"="http://www.searchnu.com/102"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\List\Item2]
    "Value"="http://www.searchnu.com/102"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\Chrome\Preferences\Homepage]
    "Value"="http://www.searchnu.com/102"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\Chrome\Preferences\StartPages]
    "Value"="http://www.searchnu.com/102"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\Files\ChromeHomepage]
    "Value"="http://www.searchnu.com/102"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\IEBHO]
    "NewTabUrl"="http://www.searchnu.com/102"
    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\List\Item2]
    "Value"="http://www.searchnu.com/102"
    Searching for "Tarma"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mml\OpenWithProgIDs]
    "soffice.StarMathDocument.6"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm]
    @="soffice.StarMathDocument.6"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm\OpenWithProgIDs]
    "soffice.StarMathDocument.6"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\ProgID]
    @="soffice.StarMathDocument.6"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\VersionIndependentProgID]
    @="soffice.StarMathDocument.6"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument\CurVer]
    @="soffice.StarMathDocument.6"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\soffice.StarMathDocument.6]
    [HKEY_LOCAL_MACHINE\SOFTWARE\OpenOffice.org\OpenOffice.org\3.4.1\Capabilities\FileAssociations]
    ".mml"="soffice.StarMathDocument.6"
    [HKEY_LOCAL_MACHINE\SOFTWARE\OpenOffice.org\OpenOffice.org\3.4.1\Capabilities\FileAssociations]
    ".sxm"="soffice.StarMathDocument.6"
    Searching for "trolltech"
    No data found.
    Searching for "vshare"
    No data found.
    Searching for "whitesmoke"
    No data found.
    Searching for "Yontoo"
    No data found.
    -= EOF =-
     
  7. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello thadulous,

    Let me know if the 2 bad image errors return. Is it when you use Google Chrome? Google Chrome has no factory reset button - so to say. That means any problems with Google Chrome require that it be removed and then reinstalled.


    Step 1.
    Registry Backup (TCRB)

    Please download tweaking.com_registry_backup_setup.exe
    Choose a download site for the installer... download and save it to your desktop.
    Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

    Once the program is installed...

    1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
    2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
    3. Click on Backup Now to create a backup of your Registry.
      You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
    4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
    5. Close and exit the program.


    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


    Step 2.
    OTL - System Scan/Fix
    Important! Close all applications and windows so that you have nothing open and are at your Desktop

    1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
    2. Under the Standard Registry box change it to All.
    3. Check/tick the boxes beside LOP Check and Purity Check.
    4. Copy the following text... do not include the quote box title "Quote".
    5. Click under the Custom Scan/Fixes box and paste the copied text.
    6. Click the Run Fix button. If prompted... click OK.
    7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    8. Please post the contents of report in your next reply.


    C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


    Step 3.
    SystemLook should still be on your Desktop.
    For 64 bit Systems:


    • Double-click SystemLook.exe to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :Regfind
      datamngr
      Searchqu
      Searchnu
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Please include in your next reply:

    1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    2. Contents of SystemLook.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  8. thadulous

    thadulous Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    33
    I did step 1 and received message Error! 0/17 registryfiles files backed up.
     
  9. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Greetings thadulous,

    I apologize for the long delay.

    And

    Good job on posting back the results from the failed backup attempt.

    Please run the following:

    Farbar Service Scanner (FSS)
    SCAN Option
    Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.

    1. Double click FSS.exe to run it on the computer with the issue.
    2. Make sure the following options are checked:
      • Internet Services (checked by default)
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    3. Press the "Scan" button.
      When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
    4. Please copy and paste the contents of the FSS.txt log to your reply.
      Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.
     
  10. thadulous

    thadulous Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    33
    Farbar Service Scanner Version: 03-03-2013
    Ran by Owner (administrator) on 08-03-2013 at 13:00:11
    Running from "C:\Documents and Settings\Owner\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    RpcSs Service is not running. Checking service configuration:
    The start type of RpcSs service is OK.
    The ImagePath of RpcSs service is OK.

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2009-09-23 08:50] - [2008-04-14 07:00] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2008-04-14 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

    Extra List:
    =======
    Avgtdix(11) bckd(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
    0x0B00000005000000010000000200000003000000040000000A0000000B00000009000000070000000800000006000000
    IpSec Tag value is correct.
    **** End of log ****
     
  11. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello thadulous,

    Again, I apologize for the long delay.

    And;

    Please let me know if the 2 bad image errors return.

    Step 1.
    Create a Restore Point
    Because we are going to be making changes to your computer...it is advisable to create a new System Restore Point.
    Since we know the System Restore feature is not working, let's check the computer's settings before we go any further.
    Turn ON System Restore

    1. Click Start,
    2. Right-click My Computer, then click Properties...from the menu.
    3. In the System Properties dialog box, click the System Restore tab.
    4. NOTE: If the System Restore tab is NOT visible, make mention of this in your next post. Continue to the "Create a New System Restore Point." step.
    5. Uncheck...the Turn off System Restore on all drives check box, if checked.
    6. Click OK.
      After a few moments, the System Properties dialog box closes.

    Note: If the System Restore function was NOT active... by turning it ON, a restore point was automatically created.

    Be sure to perform this step.
    Create a New System Restore Point.
    1. Click Start,
    2. Select All Programs, Accessories, System Tools... press System Restore.
    3. At the Welcome screen...select Create a restore point...then press Next.
    4. In the description box, type a name - "My Save Point" to describe this restore point.
      • System Restore automatically adds (to your description) the current date and time.
    5. Click Create...to finish creating this restore point.
    6. Click Close to exit System Restore.

    Unless you use some other method to create system restore points... it is advisable to leave this feature ON and active.

    If you have successfully created a System Restore Point...we can proceed.
    STOP! If you have NOT successfully created a System Restore Point... STOP! do not go any further!
    Please post back so we can determine why it was unsuccessful.



    Step 2.
    OTL - System Scan/Fix
    Important! Close all applications and windows so that you have nothing open and are at your Desktop

    1. Double click on OTL.exe to execute it. Keep all other windows closed and let OTL run uninterrupted.
    2. Under the Standard Registry box change it to All.
    3. Check/tick the boxes beside LOP Check and Purity Check.
    4. Copy the following text... do not include the quote box title "Quote".
    5. Click under the Custom Scan/Fixes box and paste the copied text.
    6. Click the Run Fix button. If prompted... click OK.
    7. When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    8. Please post the contents of report in your next reply.


    C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


    Step 3.
    SystemLook should still be on your Desktop.
    For 64 bit Systems:


    • Double-click SystemLook.exe to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :Regfind
      datamngr
      Searchqu
      Searchnu
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Please include in your next reply:

    1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    2. Contents of SystemLook.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  12. thadulous

    thadulous Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    33
    Still getting bad image message for google crash handler.exe and google updater.exe, also error report for avgdiagex.exe. Thanks

    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquSRTB\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}\ not found.
    Registry key HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr_Toolbar\ not found.
    Registry key HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE not found.
    ========== COMMANDS ==========
    Error: Unable to interpret <[EMPTYTEMP> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 03102013_133326
    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:41 on 10/03/2013 by Owner
    Administrator - Elevation successful
    ========== Regfind ==========
    Searching for "datamngr"
    No data found.
    Searching for "Searchqu"
    No data found.
    Searching for "Searchnu"
    No data found.
    -= EOF =-
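
The before/after Regfind check used in this thread, as an added example that is not part of any post and not the tools' own code: it parses two SystemLook logs, collapses the repeated key headers, and reports which search terms were cleared by the fix. The function names are hypothetical, the sample logs are abridged from the logs posted above, and the SID is assumed to belong to the logged-on user (so that HKEY_USERS\<SID> and HKEY_CURRENT_USER name the same hive).

```python
import re
from collections import OrderedDict

SECTION_RE = re.compile(r'^=+ (\w+) =+$')
SEARCH_RE = re.compile(r'^Searching for "([^"]+)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')


def parse_regfind(log_text):
    """Return {term: {registry key: [value lines]}} from a SystemLook log."""
    results, in_regfind, term, key = OrderedDict(), False, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:                      # e.g. "========== Regfind =========="
            in_regfind = section.group(1).lower() == "regfind"
            term = key = None
            continue
        if line == "-= EOF =-":
            in_regfind = False
        if not in_regfind or not line:
            continue
        search = SEARCH_RE.match(line)
        if search:
            term, key = search.group(1), None
            results[term] = OrderedDict()
            continue
        if term is None or line == "No data found.":
            continue
        found = KEY_RE.match(line)
        if found:
            # SystemLook repeats the key header before every matching value;
            # setdefault collapses the repeats into one entry.
            key = found.group(1)
            results[term].setdefault(key, [])
        elif key is not None:
            results[term][key].append(line)
    return results


def fold_user_hive(key, sid):
    """Rewrite HKEY_USERS\\<sid>\\... as HKEY_CURRENT_USER\\... (assumes sid is the logged-on user)."""
    prefix = "HKEY_USERS\\" + sid
    if key == prefix or key.startswith(prefix + "\\"):
        return "HKEY_CURRENT_USER" + key[len(prefix):]
    return key


def unique_keys(parsed, term, sid=None):
    """Distinct keys that matched a term, optionally folding the per-user alias."""
    keys = []
    for key in parsed.get(term, {}):
        folded = fold_user_hive(key, sid) if sid else key
        if folded not in keys:
            keys.append(folded)
    return keys


def compare_scans(before, after):
    """Classify every term of the first scan against the follow-up scan."""
    after_lc = {t.lower(): hits for t, hits in after.items()}
    status = OrderedDict()
    for term, hits in before.items():
        if not hits:
            status[term] = "no hits"
        elif term.lower() not in after_lc:
            status[term] = "not rechecked"   # term was left out of the follow-up scan
        elif after_lc[term.lower()]:
            status[term] = "remaining"
        else:
            status[term] = "cleared"
    return status


# Sample input: abridged from the SystemLook logs posted in this thread.
SID = "S-1-5-21-682003330-1292428093-299502267-1003"
BEFORE = r"""========== Regfind ==========
Searching for "Bandoo"
No data found.
Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
[HKEY_CURRENT_USER\Software\DataMngr]
"DLLPath"="C:\Program Files\SR Toolbar\Datamngr\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"Path"="C:\Program Files\SR Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\Software\DataMngr]
"DLLPath"="C:\Program Files\SR Toolbar\Datamngr\datamngr.dll"
Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchnu.com/102"
Searching for "Tarma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sxm]
@="soffice.StarMathDocument.6"
-= EOF =-
"""
AFTER = r"""========== Regfind ==========
Searching for "datamngr"
No data found.
Searching for "Searchqu"
No data found.
Searching for "Searchnu"
No data found.
-= EOF =-
"""

if __name__ == "__main__":
    first, second = parse_regfind(BEFORE), parse_regfind(AFTER)
    for term, state in compare_scans(first, second).items():
        print(f"{term:10} {state:14} {unique_keys(first, term, SID)}")
```

Terms reported as "not rechecked" had hits in the first scan but were left out of the second; Regfind matches substrings, so a hit such as "Tarma" inside "StarMathDocument" still has to be judged by reading the key itself.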
     
  13. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello thadulous,

    When you get these messages, is it only during startup or when you use other programs?
    Does it happen when you try the Google Chrome browser; Internet Explorer; Firefox?

    Please be specific when these errors occur and what the exact wording is of the error message.

    Also, how is the computer performing?

    Please run the following:

    Step 1.
    ESET online scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Press the Blue Run ESET Online Scanner button on the left side of the page.
    • A popup box will open.
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step 2.
    OTL
    OTL should still be on your Desktop.

    1. Double click on OTL.exe to run it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    Please include in your next reply:

    1. Answer to my question about image error(s) and computer performance
    2. Contents of Eset log
    3. Contents of OTL.txt log
    4. Contents of Extras.txt
    5. Any problem executing the instructions?
    6. How is the computer behaving?

    Thanks,
    wbg
     
  14. thadulous

    thadulous Thread Starter

    Joined:
    Feb 20, 2013
    Messages:
    33
    Attached are the errors I received while running the eset scanner. I also receive the google update.exe error when the computer starts up. Below are the files. Besides the exe errors my computer seems to run ok. Thanks

    [email protected] as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=8
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=da0515c8d0ca9d4c96466a2491681978
    # engine=13369
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-03-13 06:48:09
    # local_time=2013-03-13 02:48:09 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1039 16777213 100 99 1556082 49348073 0 0
    # scanned=119438
    # found=9
    # cleaned=0
    # scan_time=18101
    sh=47EF53486FF826F192DBE1C2912D20FF41407159 ft=1 fh=8766b46152348b06 vn="Win32/DownloadAdmin.D application" ac=I fn="C:\Documents and Settings\Owner\My Documents\Downloads\cbsidlm-tr1_7-4Sync-SEO2-75629652.exe"
    sh=D2245F6F12A5A13635A2F9814D29E02DFD584084 ft=1 fh=cf6796d6a3d03d0a vn="Win32/Toolbar.SearchSuite application" ac=I fn="C:\Documents and Settings\Owner\My Documents\Downloads\jZipSetup.exe"
    sh=07CA0867C4488ACD9610E0BF8DF8559A0A9C0AB9 ft=1 fh=7de2aac01d81f613 vn="a variant of Win32/SoftonicDownloader.D application" ac=I fn="C:\Documents and Settings\Owner\My Documents\Downloads\SoftonicDownloader_for_format-factory.exe"
    sh=0BA5315F2A97F86BB0EC0EC76AA0F08506C6CF99 ft=1 fh=930441eeb74ab255 vn="probably a variant of Win32/InstallIQ application" ac=I fn="C:\Documents and Settings\Owner\My Documents\Downloads\unziplite_d1178550.exe"
    sh=BA5C14A5AB0FE88E85E12529A0D030AD25A4CC79 ft=1 fh=ed1964f03e1bac1f vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Documents and Settings\Owner\My Documents\Downloads\WinZip170 (1).exe"
    sh=BA5C14A5AB0FE88E85E12529A0D030AD25A4CC79 ft=1 fh=ed1964f03e1bac1f vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Documents and Settings\Owner\My Documents\Downloads\WinZip170.exe"
    sh=F24180EB21274E325B8A6FFF6132DA11C73BED0C ft=1 fh=0543fcb830746d4c vn="a variant of Win32/Toolbar.SearchSuite.A application" ac=I fn="C:\_OTL\MovedFiles\02282013_204920\C_Program Files\SR Toolbar\Datamngr\datamngrUI.exe"
    sh=76435044460C66990082F28480F1794C68B1419A ft=1 fh=8e47ead6ac7c2d34 vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\_OTL\MovedFiles\02282013_204920\C_Program Files\SR Toolbar\Datamngr\DnsBHO.dll"
    sh=33A5446828EE95E3A5069F89C11BCDC6F996E703 ft=1 fh=70961415e3007f72 vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\_OTL\MovedFiles\02282013_204920\C_Program Files\SR Toolbar\Datamngr\IEBHO.dll"

    OTL logfile created on: 3/13/2013 8:40:43 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 499.41 Mb Available Physical Memory | 49.19% Memory free
    2.39 Gb Paging File | 1.52 Gb Available in Paging File | 63.74% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 73.26 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
    Drive D: | 14.47 Gb Total Space | 3.45 Gb Free Space | 23.82% Space Free | Partition Type: FAT32

    Computer Name: OWNER-802C021C6 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/25 23:33:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/01/20 15:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 14:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
    PRC - [2012/09/28 22:12:34 | 000,070,656 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
    PRC - [2012/02/13 15:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/01/27 17:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2009/06/11 11:17:38 | 003,618,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
    PRC - [2009/04/02 04:51:00 | 000,288,560 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    PRC - [2009/04/02 04:51:00 | 000,173,360 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\Syncables.exe
    PRC - [2009/04/02 04:51:00 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    PRC - [2009/03/30 00:47:00 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STTRAY.EXE
    PRC - [2009/03/30 00:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\STACSV.EXE
    PRC - [2009/02/18 01:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/31 23:26:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2012/10/31 23:26:36 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    MOD - [2011/01/27 17:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/03/12 21:11:59 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/31 11:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/02/13 15:02:32 | 001,604,880 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
    SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2009/03/30 00:47:00 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\pft8.tmp\UCORESYS.SYS -- (UCORESYS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 04:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 04:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 04:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 04:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 04:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2012/02/13 15:02:02 | 000,087,312 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
    DRV - [2009/09/23 10:12:40 | 001,735,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2009/03/30 00:47:00 | 001,550,891 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/03/18 22:55:06 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2009/03/02 03:03:48 | 000,038,912 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2008/11/25 07:44:04 | 000,058,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2008/11/21 08:36:46 | 000,160,256 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 5B 3B 29 87 1F CE 01 [binary data]
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\..\SearchScopes\{47E023EE-3FBA-41EB-842A-B541B341C533}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

    IE - HKU\S-1-5-21-682003330-1292428093-299502267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 72 01 FB 1C 0F CE 01 [binary data]
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-501\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
    IE - HKU\S-1-5-21-682003330-1292428093-299502267-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)



    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno\0.993_0\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.0.1.0_0\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\npeidojcmghjibnbnmjloedchcgdkbeo\2.0.15_0\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: No name found = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\4.1.7_0\

    O1 HOSTS File: ([2013/03/12 20:48:47 | 000,002,432 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 216.239.32.20 www.google.ae # bck9
    O1 - Hosts: 216.239.32.20 www.google.at # bck9
    O1 - Hosts: 216.239.32.20 www.google.be # bck9
    O1 - Hosts: 216.239.32.20 www.google.ca # bck9
    O1 - Hosts: 216.239.32.20 www.google.ch # bck9
    O1 - Hosts: 216.239.32.20 www.google.cl # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.il # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.in # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.jp # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.kr # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.nz # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.uk # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.ve # bck9
    O1 - Hosts: 216.239.32.20 www.google.co.za # bck9
    O1 - Hosts: 216.239.32.20 www.google.com # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.ar # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.au # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.br # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.co # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.gr # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.hk # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.mx # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.my # bck9
    O1 - Hosts: 216.239.32.20 www.google.com.pe # bck9
    O1 - Hosts: 39 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1292428093-299502267-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1292428093-299502267-501\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
    O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)
    O4 - HKU\S-1-5-21-682003330-1292428093-299502267-1003..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
    O4 - HKU\S-1-5-21-682003330-1292428093-299502267-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe -update activex File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\saadia awsome\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-682003330-1292428093-299502267-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7FF8E67-08A0-4AD8-AA1E-F33476B68C26}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (schannel.dll) - File not found
    O29 - HKLM SecurityProviders - (digest.dll) - File not found
    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/23 09:53:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{cde3356c-63ec-11e2-b7a2-0025b356963d}\Shell - "" = AutoRun
    O33 - MountPoints2\{cde3356c-63ec-11e2-b7a2-0025b356963d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cde3356c-63ec-11e2-b7a2-0025b356963d}\Shell\AutoRun\command - "" = E:\setup.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/12 21:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/03/10 13:51:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/03/08 13:58:51 | 000,354,265 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FSS.exe
    [2013/03/03 23:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    [2013/03/03 23:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/02/28 21:49:20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/25 23:33:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2013/02/25 23:22:03 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/25 23:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
    [2013/02/20 21:04:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2013/02/20 09:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Add-in Express
    [2013/02/20 00:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG
    [2013/02/20 00:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
    [2013/02/20 00:20:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2013/02/19 22:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SanDisk
    [2013/02/15 10:19:19 | 000,000,000 | ---D | C] -- C:\700fd5ca17cb3e9a4a
    [2013/02/12 11:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG

    ========== Files - Modified Within 30 Days ==========

    [2013/03/13 08:48:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{990FDF9F-A530-42E4-91C1-C549B1712AB6}.job
    [2013/03/13 08:47:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F94364F-F556-4DF2-A997-BC3172BED459}.job
    [2013/03/13 02:09:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/12 23:08:37 | 000,266,317 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\errors.odt
    [2013/03/12 21:11:36 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/12 21:11:34 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/12 20:47:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/12 20:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/10 14:09:52 | 000,503,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/10 14:09:52 | 000,088,718 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/10 14:02:26 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/03/08 13:58:53 | 000,354,265 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FSS.exe
    [2013/03/03 23:28:14 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
    [2013/03/03 23:27:03 | 004,038,919 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tweaking.com_registry_backup_setup.exe
    [2013/02/28 20:32:57 | 000,005,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Document.rtf
    [2013/02/25 23:33:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2013/02/21 00:59:12 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
    [2013/02/21 00:37:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2013/02/21 00:37:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2013/02/20 21:04:12 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2013/02/20 10:56:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/02/20 09:18:32 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\poetsch.bat
    [2013/02/20 08:24:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/20 07:41:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013/02/20 00:37:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2013/02/20 00:37:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2013/02/19 23:36:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2013/02/19 23:36:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2013/02/19 23:23:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2013/02/19 23:23:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2013/02/18 00:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2013/02/18 00:07:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2013/02/15 17:38:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2013/02/15 17:38:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2013/02/15 10:19:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/14 00:48:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2013/02/14 00:48:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2013/02/13 22:22:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/12 11:31:18 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/02/12 00:10:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2013/02/12 00:10:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

    ========== Files Created - No Company Name ==========

    [2013/03/12 21:17:17 | 000,266,317 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\errors.odt
    [2013/03/03 23:28:14 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
    [2013/03/03 23:27:03 | 004,038,919 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tweaking.com_registry_backup_setup.exe
    [2013/02/28 20:32:56 | 000,005,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Document.rtf
    [2013/02/21 00:59:12 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
    [2013/02/20 09:18:32 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\poetsch.bat
    [2012/10/10 21:24:07 | 000,118,818 | ---- | C] () -- C:\WINDOWS\System32\Dctn.dll
    [2012/09/01 22:15:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
    [2012/08/29 09:24:57 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1292428093-299502267-1007-0.dat
    [2012/06/21 18:20:48 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1292428093-299502267-501-0.dat
    [2012/04/28 22:49:10 | 000,282,733 | ---- | C] () -- C:\WINDOWS\Halacha Brura Uninstaller.exe
    [2012/03/06 11:21:53 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/24 00:45:42 | 000,078,378 | ---- | C] () -- C:\Documents and Settings\Owner\.DLMSave_back.xml
    [2012/02/24 00:45:42 | 000,078,378 | ---- | C] () -- C:\Documents and Settings\Owner\.DLMSave.xml
    [2012/02/24 00:44:44 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\Owner\.Setting.ini
    [2012/02/14 22:55:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/03 13:07:49 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2012/01/18 00:15:30 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1292428093-299502267-1003-0.dat
    [2012/01/16 23:36:07 | 000,243,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/11/24 21:16:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/10/24 11:24:34 | 000,062,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2002/02/21 06:46:28 | 000,002,602 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/09/23 10:14:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    < End of report >

    OTL Extras logfile created on: 3/13/2013 8:40:43 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.23 Mb Total Physical Memory | 499.41 Mb Available Physical Memory | 49.19% Memory free
    2.39 Gb Paging File | 1.52 Gb Available in Paging File | 63.74% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 73.26 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
    Drive D: | 14.47 Gb Total Space | 3.45 Gb Free Space | 23.82% Space Free | Partition Type: FAT32

    Computer Name: OWNER-802C021C6 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe" = C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe" = C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light -- (Brother Industries, Ltd.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
    "C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- ()
    "C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AF9A122-18A5-11D5-85EB-444553540000}" = Gemara
    "{0E6B3568-2337-4429-9E14-0D9D8157D45A}" = Network Recording Player
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
    "{6FABA483-0BAD-4EFA-9B1C-599CC4F6677D}" = HP User Guides 0139
    "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{918F4F34-2544-4519-9479-9239C8DD69DF}" = syncables desktop
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.6.2
    "{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.21.0001
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{ED65D5B7-FD18-4E75-AC2A-50C40544D797}" = Brother HL-2170W
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "AVG" = AVG 2013
    "Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "eMusic Download Manager 5.0.5" = eMusic Download Manager
    "FormatFactory" = FormatFactory 2.96
    "Halacha Brura" = Halacha Brura
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Nike+ Connect" = Nike+ Connect
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "Stamps.com" = Stamps.com
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-682003330-1292428093-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Master Torah Download" = Master Torah Download

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/12/2013 8:48:48 PM | Computer Name = OWNER-802C021C6 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 3/12/2013 8:50:17 PM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    Error - 3/12/2013 8:56:57 PM | Computer Name = OWNER-802C021C6 | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Home and Student 2007 - Update 'Update for
    Microsoft Office 2007 suites (KB2767916) 32-Bit Edition' could not be installed.
    Error code 1603. Windows Installer can create logs to help troubleshoot issues
    with installing software packages. Use the following link for instructions on turning
    on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 3/12/2013 9:00:08 PM | Computer Name = OWNER-802C021C6 | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Home and Student 2007 - Update 'Update for
    Microsoft Office 2007 suites (KB2596620) 32-Bit Edition' could not be installed.
    Error code 1603. Windows Installer can create logs to help troubleshoot issues
    with installing software packages. Use the following link for instructions on turning
    on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 3/13/2013 2:50:20 AM | Computer Name = OWNER-802C021C6 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/13/2013 2:50:20 AM | Computer Name = OWNER-802C021C6 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8235

    Error - 3/13/2013 2:50:20 AM | Computer Name = OWNER-802C021C6 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8235

    Error - 3/13/2013 7:54:01 AM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    Error - 3/13/2013 7:55:52 AM | Computer Name = OWNER-802C021C6 | Source = MsiInstaller | ID = 1024
    Description = Product: Microsoft Office Home and Student 2007 - Update 'Update for
    Microsoft Office 2007 suites (KB2767916) 32-Bit Edition' could not be installed.
    Error code 1603. Windows Installer can create logs to help troubleshoot issues
    with installing software packages. Use the following link for instructions on turning
    on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error - 3/13/2013 8:21:44 AM | Computer Name = OWNER-802C021C6 | Source = Application Error | ID = 1000
    Description = Faulting application avgdiagex.exe, version 0.0.0.0, faulting module
    avgdiagex.exe, version 0.0.0.0, fault address 0x001be4bf.

    [ System Events ]
    Error - 3/10/2013 1:51:44 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/10/2013 1:51:45 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/10/2013 1:51:45 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/10/2013 1:51:45 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/10/2013 1:51:45 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/10/2013 1:51:45 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/12/2013 8:50:51 PM | Computer Name = OWNER-802C021C6 | Source = Service Control Manager | ID = 7022
    Description = The AVGIDSAgent service hung on starting.

    Error - 3/12/2013 9:06:40 PM | Computer Name = OWNER-802C021C6 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office 2007 suites (KB2767916).

    Error - 3/12/2013 9:06:40 PM | Computer Name = OWNER-802C021C6 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office 2007 suites (KB2596620).

    Error - 3/13/2013 7:59:20 AM | Computer Name = OWNER-802C021C6 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Microsoft Office 2007 suites (KB2767916).


    < End of report >
     


  15. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Greetings thadulous,

    Please run the following:

    SystemLook

    SystemLook should still be on your Desktop.

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main text field. Do not include the word Code.
      Code:
      :filefind
      *dbghelp.dll*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Please post the results in your next post.
    Thanks
    wbg
     
Short URL to this thread: https://techguy.org/1090475
