Google is my home page. Searches being redirected. Dell Vostro 200. Running Windows XP. PC Tools spyware not running. Microsoft Security Essentials disabled. Can you help?
Follow the instructions here:
http://discussions.virtualdr.com/sho...d.php?t=167915
and copy/paste the log files/results of all 4 scanners in this thread.
gmer kept crashing. The scan took forever and finally the operating system shut down to protect itself. Here are the other logs. I have regained control of my search engine but it's slow and still not right.
Mary Forgione :: MARY [administrator]
6/12/2012 11:17:10 PM
mbam-log-2012-06-12 (23-17-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 425588
Time elapsed: 1 hour(s), 30 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\data (PUP.BFlix) -> No action taken.
Files Detected: 7
C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\fhocdmhohpjjbaamenhbaidaoihaiflb.crx (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\content.js (PUP.BFlix) -> No action taken.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\jsondb.js (PUP.BFlix) -> No action taken.
(end)
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-13 21:07:14
-----------------------------
21:07:14.093 OS Version: Windows 5.1.2600 Service Pack 3
21:07:14.093 Number of processors: 1 586 0x1601
21:07:14.093 ComputerName: MARY UserName:
21:07:14.703 Initialize success
21:11:58.531 AVAST engine defs: 12061301
22:37:30.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:37:30.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
22:37:30.093 Disk 0 MBR read successfully
22:37:30.093 Disk 0 MBR scan
22:37:30.140 Disk 0 Windows XP default MBR code
22:37:30.140 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
22:37:30.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76238 MB offset 96390
22:37:30.171 Disk 0 scanning sectors +156232125
22:37:30.250 Disk 0 scanning C:\WINDOWS\system32\drivers
22:37:47.734 Service scanning
22:38:12.781 Modules scanning
22:38:30.562 Disk 0 trace - called modules:
22:38:30.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:38:30.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7dab8]
22:38:30.937 3 CLASSPNP.SYS[f7673fd7] -> nt!IofCallDriver -> [0x86d15948]
22:38:30.937 5 PCTCore.sys[f72fb82d] -> nt!IofCallDriver -> \Device\00000067[0x86d85f18]
22:38:30.937 7 ACPI.sys[f74ea620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d92940]
22:38:31.921 AVAST engine scan C:\WINDOWS
22:38:48.140 AVAST engine scan C:\WINDOWS\system32
22:40:59.421 AVAST engine scan C:\WINDOWS\system32\drivers
22:41:19.203 AVAST engine scan C:\Documents and Settings\Mary Forgione
22:43:39.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mary Forgione\My Documents\MBR.dat"
22:43:39.046 The log file has been saved successfully to "C:\Documents and Settings\Mary Forgione\My Documents\aswMBR.txt"
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mary Forgione at 22:48:03 on 2012-06-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.384 [GMT -4:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1196384047\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Microsoft Works\WksWP.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Protector by IB: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\protector by ib\Extension32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [HostManager] c:\program files\common files\aol\1196384047\ee\AOLSoftware.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: motive.com\patttbc.att
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
TCP: Interfaces\{039BC112-797C-492E-B17E-B2194D804BFC} : DhcpNameServer = 167.206.251.130 167.206.251.129
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-6-9 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-6-9 342168]
R1 MpKslf6737c92;MpKslf6737c92;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\MpKslf6737c92.sys [2012-6-13 29904]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-6-9 203088]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-6-9 575416]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\protector by ib\ExtensionUpdaterService.exe [2012-4-25 185856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-6-9 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-6-9 1118648]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-6-9 70736]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-25 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-24 136176]
.
=============== Created Last 30 ================
.
2012-06-13 13:32:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\MpKslf6737c92.sys
2012-06-13 05:07:43 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\offreg.dll
2012-06-12 22:12:56 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0d84cf4-9707-41f5-ac29-25b5e9f70ee6}\mpengine.dll
2012-06-12 21:58:51 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-12 21:53:56 -------- d-sh--w- C:\found.000
2012-06-10 04:29:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 04:18:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-10 03:27:37 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-10 03:27:33 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-06-10 03:27:28 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-10 03:25:29 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-10 03:25:29 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-10 03:25:25 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-10 03:25:25 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-10 03:09:09 -------- d-----w- c:\documents and settings\mary forgione\application data\DriverCure
2012-06-10 03:09:08 -------- d-----w- c:\documents and settings\mary forgione\application data\SpeedMaxPc
2012-06-10 03:08:58 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-06-10 02:30:15 -------- d-----w- c:\documents and settings\mary forgione\local settings\application data\Threat Expert
2012-06-10 01:56:07 -------- d-----w- c:\program files\PC Tools
2012-06-10 01:18:56 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-10 01:18:56 -------- d-----w- c:\program files\common files\PC Tools
2012-06-10 01:18:37 -------- d-----w- c:\documents and settings\mary forgione\application data\TestApp
2012-06-10 01:18:37 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-05-26 04:13:21 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-26 04:13:21 215920 ----a-w- c:\windows\system32\muweb.dll
2012-05-26 04:13:21 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-25 15:01:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-19 18:29:05 -------- d-----w- c:\documents and settings\mary forgione\application data\RealNetworks
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 22:50:04.64 ==============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/29/2007 7:49:39 PM
System Uptime: 6/13/2012 8:49:36 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel Pentium II processor | Socket 775 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 27.145 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1087: 3/27/2012 4:43:06 PM - Installed AVG 2012
RP1088: 3/27/2012 4:43:34 PM - Installed AVG 2012
RP1089: 3/28/2012 5:29:42 AM - Software Distribution Service 3.0
RP1090: 3/29/2012 6:38:22 AM - System Checkpoint
RP1091: 3/30/2012 6:52:57 AM - System Checkpoint
RP1092: 3/31/2012 8:23:38 AM - System Checkpoint
RP1093: 4/2/2012 4:44:49 PM - System Checkpoint
RP1094: 4/3/2012 5:01:35 PM - System Checkpoint
RP1095: 4/4/2012 7:02:41 PM - System Checkpoint
RP1096: 4/5/2012 9:01:37 PM - System Checkpoint
RP1097: 4/7/2012 2:44:55 AM - System Checkpoint
RP1098: 4/8/2012 3:20:01 AM - System Checkpoint
RP1099: 4/9/2012 3:21:43 AM - System Checkpoint
RP1100: 4/10/2012 4:20:47 AM - System Checkpoint
RP1101: 4/11/2012 8:14:09 AM - System Checkpoint
RP1102: 4/12/2012 3:00:15 AM - Software Distribution Service 3.0
RP1103: 4/13/2012 1:38:37 PM - System Checkpoint
RP1104: 4/14/2012 3:10:52 PM - System Checkpoint
RP1105: 4/15/2012 3:37:05 PM - System Checkpoint
RP1106: 4/16/2012 5:01:20 PM - System Checkpoint
RP1107: 4/17/2012 5:37:17 PM - System Checkpoint
RP1108: 4/17/2012 8:30:06 PM - Installed QuickTime
RP1109: 4/18/2012 9:31:45 PM - System Checkpoint
RP1110: 4/19/2012 10:56:47 PM - System Checkpoint
RP1111: 4/20/2012 11:31:43 PM - System Checkpoint
RP1112: 4/22/2012 1:21:40 AM - System Checkpoint
RP1113: 4/23/2012 3:21:40 AM - System Checkpoint
RP1114: 4/24/2012 10:39:20 AM - System Checkpoint
RP1115: 4/24/2012 8:54:29 PM - avast! Free Antivirus Setup
RP1116: 4/25/2012 11:03:12 PM - System Checkpoint
RP1117: 4/26/2012 11:37:47 PM - System Checkpoint
RP1118: 4/28/2012 12:18:34 AM - System Checkpoint
RP1119: 4/29/2012 1:35:04 AM - System Checkpoint
RP1120: 4/30/2012 3:35:04 AM - System Checkpoint
RP1121: 5/1/2012 5:09:20 PM - System Checkpoint
RP1122: 5/2/2012 6:50:22 PM - System Checkpoint
RP1123: 5/3/2012 8:50:22 PM - System Checkpoint
RP1124: 5/4/2012 9:52:13 PM - System Checkpoint
RP1125: 5/5/2012 11:52:13 PM - System Checkpoint
RP1126: 5/7/2012 2:24:59 AM - System Checkpoint
RP1127: 5/8/2012 3:19:52 AM - System Checkpoint
RP1128: 5/9/2012 5:19:57 AM - System Checkpoint
RP1129: 5/10/2012 3:00:14 AM - Software Distribution Service 3.0
RP1130: 5/11/2012 3:22:32 AM - System Checkpoint
RP1131: 5/12/2012 5:22:32 AM - System Checkpoint
RP1132: 5/13/2012 10:26:31 PM - System Checkpoint
RP1133: 5/15/2012 2:32:51 AM - System Checkpoint
RP1134: 5/16/2012 3:26:56 AM - System Checkpoint
RP1135: 5/17/2012 5:26:57 AM - System Checkpoint
RP1136: 5/18/2012 7:30:09 AM - System Checkpoint
RP1137: 5/19/2012 7:54:20 AM - System Checkpoint
RP1138: 5/20/2012 9:54:20 AM - System Checkpoint
RP1139: 5/21/2012 12:14:00 PM - System Checkpoint
RP1140: 5/22/2012 3:13:10 PM - System Checkpoint
RP1141: 5/23/2012 10:23:17 PM - System Checkpoint
RP1142: 5/25/2012 10:45:01 AM - avast! Free Antivirus Setup
RP1143: 5/25/2012 10:51:41 AM - Removed AVG 2012
RP1144: 5/25/2012 10:53:10 AM - Removed AVG 2012
RP1145: 5/25/2012 11:01:12 AM - Software Distribution Service 3.0
RP1146: 5/26/2012 3:00:16 AM - Software Distribution Service 3.0
RP1147: 5/27/2012 1:48:00 AM - Software Distribution Service 3.0
RP1148: 5/27/2012 9:40:36 AM - Software Distribution Service 3.0
RP1149: 5/28/2012 9:41:42 AM - Software Distribution Service 3.0
RP1150: 5/29/2012 9:40:45 AM - Software Distribution Service 3.0
RP1151: 5/30/2012 9:40:55 AM - Software Distribution Service 3.0
RP1152: 5/31/2012 9:40:59 AM - Software Distribution Service 3.0
RP1153: 6/1/2012 9:41:06 AM - Software Distribution Service 3.0
RP1154: 6/2/2012 9:40:58 AM - Software Distribution Service 3.0
RP1155: 6/3/2012 1:46:43 AM - Software Distribution Service 3.0
RP1156: 6/3/2012 9:40:57 AM - Software Distribution Service 3.0
RP1157: 6/4/2012 3:00:24 AM - Software Distribution Service 3.0
RP1158: 6/5/2012 3:22:44 AM - System Checkpoint
RP1159: 6/5/2012 3:30:11 AM - Software Distribution Service 3.0
RP1160: 6/5/2012 4:26:57 PM - Software Distribution Service 3.0
RP1161: 6/6/2012 4:26:44 PM - Software Distribution Service 3.0
RP1162: 6/7/2012 4:26:40 PM - Software Distribution Service 3.0
RP1163: 6/8/2012 4:26:40 PM - Software Distribution Service 3.0
RP1164: 6/9/2012 4:27:46 PM - Software Distribution Service 3.0
RP1165: 6/10/2012 12:35:21 AM - Software Distribution Service 3.0
RP1166: 6/10/2012 2:38:48 AM - Software Distribution Service 3.0
RP1167: 6/11/2012 9:23:21 AM - System Checkpoint
RP1168: 6/11/2012 10:02:49 AM - Software Distribution Service 3.0
RP1169: 6/12/2012 5:42:00 PM - Software Distribution Service 3.0
RP1170: 6/12/2012 6:12:28 PM - Software Distribution Service 3.0
RP1171: 6/13/2012 2:54:22 PM - System Checkpoint
RP1172: 6/13/2012 9:26:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
5600
5600_Help
5600Trb
Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AiO_Scan
AiOSoftware
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
Browser Address Error Redirector
Browser Guard 4.0
BufferChm
Conexant D850 56K V.9x DFVc Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
DellSupport
Destinations
DeviceManagementQFolder
Dictionary.com Toolbar
Dictionary.com Toolbar Updater
Digital Line Detect
DocProc
eSupportQFolder
Fax
Final Media Player 2010
Google Chrome
Google Desktop
Google Earth
Google Update Helper
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.8.0
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 8.7.0 (Basic)
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
My.Freeze.com NetAssistant
NetWaiting
NewCopy
PowerDVD
PriceGong 2.1.0
ProductContext
Protector by IB 2.0.0.426
QualxServ Service Agreement
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
ScannerCopy
SearchAssist
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Shop to Win 2
SolutionCenter
Sonic Activation Module
Status
TrayApp
Unload
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2718704)
Viewpoint Media Player
WeatherBug
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/13/2012 9:34:10 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/13/2012 9:02:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1867.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80072efd Error description: A connection with the server could not be established
6/13/2012 8:59:01 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 861f6d78, parameter3 861f6eec, parameter4 805c863c.
6/13/2012 7:57:48 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
6/13/2012 7:57:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'change.log' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/13/2012 7:57:02 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
6/13/2012 7:57:02 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\update\setu3270.dll. Reference error message: The operation completed successfully. .
6/13/2012 7:55:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
6/13/2012 7:55:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
6/13/2012 7:55:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
6/13/2012 2:23:33 PM, error: PCTCore [280] -
6/13/2012 2:19:15 PM, error: System Error [1003] - Error code c000021a, parameter1 e75c8138, parameter2 c0000006, parameter3 7e79c7d9, parameter4 0127e224.
6/12/2012 6:34:35 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2012 5:56:32 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/12/2012 5:55:00 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.127.1752.0;1.127.1752.0 Engine version: 1.1.8403.0
.
==== End Of File =========================
Welcome aboard https://discussions.virtualdr.com/
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===========================================================
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
You're running two AV programs, AVG and MSE.
One of them has to go.
If AVG use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
When done....
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
I cannot access my firewall on control panel. Should I do anything about that at this time?
I want to delete a trial version of pc tools spyware doctor but it is not on the list of add remove programs and there is no uninstall. If you could recommend something.
I uninstalled AVG but I guess I didn't get it all. Which remover should I use, 32 or 64 bit?
Your computer is 32-bit.
Don't worry about Windows firewall for now.
I don't think AVG remover is running. Here's the log from the most recent attempt. It's large and I may need two responses to get it all; the log is 131000 and the reply limit is 50000. Please advise. Here's the first third or so:
2012-06-20 02:49:32,343 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-06-20 02:49:32,343 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-06-20 02:49:32,343 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-06-20 02:49:32,343 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-06-20 02:49:32,343 INFO Command line: "C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe"
2012-06-20 02:49:32,343 WARN AvgDir param empty.
2012-06-20 02:49:32,343 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\Documents and Settings\All Users\Application Data\AVG2012', use this path as default.
2012-06-20 02:49:34,031 INFO AvgRemover runs in attempt number 1
2012-06-20 02:49:34,031 INFO Attempting to unregister AVG from the Windows Security Center.
2012-06-20 02:49:34,046 INFO Attempting to uninstall AVG Identity Protection.
2012-06-20 02:49:34,265 INFO Attempting to uninstall toolbar
2012-06-20 02:49:34,265 INFO ***** Msi data *****
2012-06-20 02:49:34,265 DEBUG No product code found for our upgrade codes, nothing to do here
2012-06-20 02:49:34,265 INFO ***** Exchange&Outlook plugins data *****
2012-06-20 02:49:34,265 INFO Removing AvgOutlook addin
2012-06-20 02:49:34,265 INFO AvgOutlook Removing HKCR addin keys x86
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2012-06-20 02:49:34,265 INFO AvgOutlook Removing HKCR addin keys x64
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2012-06-20 02:49:34,265 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2012-06-20 02:49:34,265 INFO Removing Sharepoint plugin if exists
2012-06-20 02:49:34,265 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2012-06-20 02:49:34,265 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2012-06-20 02:49:34,265 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2012-06-20 02:49:34,265 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2012-06-20 02:49:34,265 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2012-06-20 02:49:34,265 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2012-06-20 02:49:34,265 INFO ***** Services *****
2012-06-20 02:49:34,265 INFO Processing service avg8emc, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service avg8emc is not installed
2012-06-20 02:49:34,281 DEBUG Service avg8emc RegCleanup
2012-06-20 02:49:34,281 DEBUG Registry keys for service avg8emc are not present
2012-06-20 02:49:34,281 INFO Processing service avgfws8, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service avgfws8 is not installed
2012-06-20 02:49:34,281 DEBUG Service avgfws8 RegCleanup
2012-06-20 02:49:34,281 DEBUG Registry keys for service avgfws8 are not present
2012-06-20 02:49:34,281 INFO Processing service avg8wd, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service avg8wd is not installed
2012-06-20 02:49:34,281 DEBUG Service avg8wd RegCleanup
2012-06-20 02:49:34,281 DEBUG Registry keys for service avg8wd are not present
2012-06-20 02:49:34,281 INFO Processing service AvgWFPx, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service AvgWFPx is not installed
2012-06-20 02:49:34,281 DEBUG Service AvgWFPx RegCleanup
2012-06-20 02:49:34,281 DEBUG Registry keys for service AvgWFPx are not present
2012-06-20 02:49:34,281 INFO Processing service AvgWFPa, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service AvgWFPa is not installed
2012-06-20 02:49:34,281 DEBUG Service AvgWFPa RegCleanup
2012-06-20 02:49:34,281 DEBUG Registry keys for service AvgWFPa are not present
2012-06-20 02:49:34,281 INFO Processing service avg9wd, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service avg9wd is not installed
2012-06-20 02:49:34,281 DEBUG Service avg9wd RegCleanup
2012-06-20 02:49:34,281 DEBUG Registry keys for service avg9wd are not present
2012-06-20 02:49:34,281 INFO Processing service AvgMfx86, it can take several minutes...
2012-06-20 02:49:34,281 INFO Service AvgMfx86 is not installed
2012-06-20 02:49:34,296 DEBUG Service AvgMfx86 RegCleanup
2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgMfx86 are not present
2012-06-20 02:49:34,296 INFO Processing service AvgMfx64, it can take several minutes...
2012-06-20 02:49:34,296 INFO Service AvgMfx64 is not installed
2012-06-20 02:49:34,296 DEBUG Service AvgMfx64 RegCleanup
2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgMfx64 are not present
2012-06-20 02:49:34,296 INFO Processing service AvgLdx86, it can take several minutes...
2012-06-20 02:49:34,296 INFO Service AvgLdx86 is not installed
2012-06-20 02:49:34,296 DEBUG Service AvgLdx86 RegCleanup
2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgLdx86 are not present
2012-06-20 02:49:34,296 INFO Processing service AvgLdx64, it can take several minutes...
2012-06-20 02:49:34,296 INFO Service AvgLdx64 is not installed
2012-06-20 02:49:34,296 DEBUG Service AvgLdx64 RegCleanup
2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgLdx64 are not present
2012-06-20 02:49:34,296 INFO Processing service AvgTdiX, it can take several minutes...
2012-06-20 02:49:34,296 INFO Service AvgTdiX is not installed
2012-06-20 02:49:34,296 DEBUG Service AvgTdiX RegCleanup
2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgTdiX are not present
2012-06-20 02:49:34,296 INFO Processing service AvgTdiA, it can take several minutes...
2012-06-20 02:49:34,296 INFO Service AvgTdiA is not installed
2012-06-20 02:49:34,296 DEBUG Service AvgTdiA RegCleanup
2012-06-20 02:49:34,296 DEBUG Registry keys for service AvgTdiA are not present
2012-06-20 02:49:34,296 INFO Processing service AvgWfpX, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service AvgWfpX is not installed
2012-06-20 02:49:34,312 DEBUG Service AvgWfpX RegCleanup
2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgWfpX are not present
2012-06-20 02:49:34,312 INFO Processing service AvgWfpA, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service AvgWfpA is not installed
2012-06-20 02:49:34,312 DEBUG Service AvgWfpA RegCleanup
2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgWfpA are not present
2012-06-20 02:49:34,312 INFO Processing service AvgRkx86, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service AvgRkx86 is not installed
2012-06-20 02:49:34,312 DEBUG Service AvgRkx86 RegCleanup
2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgRkx86 are not present
2012-06-20 02:49:34,312 INFO Processing service AvgRkx64, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service AvgRkx64 is not installed
2012-06-20 02:49:34,312 DEBUG Service AvgRkx64 RegCleanup
2012-06-20 02:49:34,312 DEBUG Registry keys for service AvgRkx64 are not present
2012-06-20 02:49:34,312 INFO Processing service avg9emc, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service avg9emc is not installed
2012-06-20 02:49:34,312 DEBUG Service avg9emc RegCleanup
2012-06-20 02:49:34,312 DEBUG Registry keys for service avg9emc are not present
2012-06-20 02:49:34,312 INFO Processing service avgfws9, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service avgfws9 is not installed
2012-06-20 02:49:34,312 DEBUG Service avgfws9 RegCleanup
2012-06-20 02:49:34,312 DEBUG Registry keys for service avgfws9 are not present
2012-06-20 02:49:34,312 INFO Processing service avgfws, it can take several minutes...
2012-06-20 02:49:34,312 INFO Service avgfws is not installed
2012-06-20 02:49:34,312 DEBUG Service avgfws RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service avgfws are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSAgent, it can take several minutes...
2012-06-20 02:49:34,328 INFO Service AVGIDSAgent is not installed
2012-06-20 02:49:34,328 DEBUG Service AVGIDSAgent RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSAgent are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSWatcher, it can take several minutes...
2012-06-20 02:49:34,328 INFO Service AVGIDSWatcher is not installed
2012-06-20 02:49:34,328 DEBUG Service AVGIDSWatcher RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSWatcher are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSShimxpx, it can take several minutes...
2012-06-20 02:49:34,328 INFO Service AVGIDSShimxpx is not installed
2012-06-20 02:49:34,328 DEBUG Service AVGIDSShimxpx RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSShimxpx are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
2012-06-20 02:49:34,328 INFO Service AVGIDSFilterxpx is not installed
2012-06-20 02:49:34,328 DEBUG Service AVGIDSFilterxpx RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
2012-06-20 02:49:34,328 INFO Service AVGIDSDriverxpx is not installed
2012-06-20 02:49:34,328 DEBUG Service AVGIDSDriverxpx RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSShimvtx, it can take several minutes...
2012-06-20 02:49:34,328 INFO Service AVGIDSShimvtx is not installed
2012-06-20 02:49:34,328 DEBUG Service AVGIDSShimvtx RegCleanup
2012-06-20 02:49:34,328 DEBUG Registry keys for service AVGIDSShimvtx are not present
2012-06-20 02:49:34,328 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
2012-06-20 02:49:34,343 INFO Service AVGIDSFiltervtx is not installed
2012-06-20 02:49:34,343 DEBUG Service AVGIDSFiltervtx RegCleanup
2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2012-06-20 02:49:34,343 INFO Processing service AVGIDSDrivervtx, it can take several minutes...
2012-06-20 02:49:34,343 INFO Service AVGIDSDrivervtx is not installed
2012-06-20 02:49:34,343 DEBUG Service AVGIDSDrivervtx RegCleanup
2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2012-06-20 02:49:34,343 INFO Processing service AVGIDSFiltervta, it can take several minutes...
2012-06-20 02:49:34,343 INFO Service AVGIDSFiltervta is not installed
2012-06-20 02:49:34,343 DEBUG Service AVGIDSFiltervta RegCleanup
2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSFiltervta are not present
2012-06-20 02:49:34,343 INFO Processing service AVGIDSDrivervta, it can take several minutes...
2012-06-20 02:49:34,343 INFO Service AVGIDSDrivervta is not installed
2012-06-20 02:49:34,343 DEBUG Service AVGIDSDrivervta RegCleanup
2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSDrivervta are not present
2012-06-20 02:49:34,343 INFO Processing service AVGIDSShimw7x, it can take several minutes...
2012-06-20 02:49:34,343 INFO Service AVGIDSShimw7x is not installed
2012-06-20 02:49:34,343 DEBUG Service AVGIDSShimw7x RegCleanup
2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSShimw7x are not present
2012-06-20 02:49:34,343 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
2012-06-20 02:49:34,343 INFO Service AVGIDSFilterw7x is not installed
2012-06-20 02:49:34,343 DEBUG Service AVGIDSFilterw7x RegCleanup
2012-06-20 02:49:34,343 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2012-06-20 02:49:34,343 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSDriverw7x is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSDriverw7x RegCleanup
2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2012-06-20 02:49:34,359 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSFilterw7a is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSFilterw7a RegCleanup
2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2012-06-20 02:49:34,359 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSDriverw7a is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSDriverw7a RegCleanup
2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSErHrxpx is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrxpx RegCleanup
2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSErHrvtx is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrvtx RegCleanup
2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSErHrvta is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrvta RegCleanup
2012-06-20 02:49:34,359 DEBUG Registry keys for service AVGIDSErHrvta are not present
2012-06-20 02:49:34,359 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
2012-06-20 02:49:34,359 INFO Service AVGIDSErHrw7x is not installed
2012-06-20 02:49:34,359 DEBUG Service AVGIDSErHrw7x RegCleanup
2012-06-20 02:49:34,375 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2012-06-20 02:49:34,375 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
2012-06-20 02:49:34,375 INFO Service AVGIDSErHrw7a is not installed
2012-06-20 02:49:34,375 DEBUG Service AVGIDSErHrw7a RegCleanup
2012-06-20 02:49:34,375 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2012-06-20 02:49:34,375 INFO Processing service avgwd, it can take several minutes...
2012-06-20 02:49:34,375 INFO Service avgwd is not installed
2012-06-20 02:49:34,375 DEBUG Service avgwd RegCleanup
2012-06-20 02:49:34,375 DEBUG Registry keys for service avgwd are not present
2012-06-20 02:49:34,375 INFO ***** Avg Fw NDIS driver(separate process) *****
2012-06-20 02:49:34,468 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-06-20 02:49:34,468 DEBUG Deleting stuck RunOnce value from registry.
2012-06-20 02:49:34,468 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-06-20 02:49:34,468 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-06-20 02:49:34,468 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-06-20 02:49:34,468 INFO Command line: "C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe" /ndisonly /skipask
2012-06-20 02:49:34,468 WARN AvgDir param empty.
2012-06-20 02:49:34,468 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\Documents and Settings\All Users\Application Data\AVG2012', use this path as default.
2012-06-20 02:49:34,468 INFO AvgRemover runs in attempt number 1
2012-06-20 02:49:34,468 INFO ***** Avg Fw NDIS driver *****
2012-06-20 02:49:34,468 INFO ...this operation can take several minutes...
2012-06-20 02:49:34,484 INFO FW removing policy
2012-06-20 02:49:34,687 INFO FW NDIS driver not present
2012-06-20 02:49:34,703 DEBUG Remove NDIS driver pass, next uninstalation step is 10, old was 1
2012-06-20 02:49:34,703 INFO ***** end of Fw NDIS separated process *****
2012-06-20 02:49:34,703 INFO ***** Drivers *****
2012-06-20 02:49:34,703 INFO ***** Running AVG process *****
2012-06-20 02:49:35,437 INFO ***** Registry keys and values *****
2012-06-20 02:49:35,437 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-06-20 02:49:35,437 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2012-06-20 02:49:35,437 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2012-06-20 02:49:35,437 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-06-20 02:49:35,437 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2012-06-20 02:49:35,437 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2012-06-20 02:49:35,437 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2012-06-20 02:49:35,437 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1E73965B-8B48-48be-9C8D-68B920ABC1C4} Remove
2012-06-20 02:49:35,437 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1E73965B-8B48-48be-9C8D-68B920ABC1C4} is not present
2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt ForceRemove
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg10Alrt not found
2012-06-20 02:49:35,437 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg2012Alrt
2012-06-20 02:49:35,437 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg2012Alrt ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg2012Alrt not found
2012-06-20 02:49:35,453 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2012-06-20 02:49:35,453 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-06-20 02:49:35,453 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2012-06-20 02:49:35,453 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2012-06-20 02:49:35,453 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2012-06-20 02:49:35,453 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-06-20 02:49:35,453 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2012-06-20 02:49:35,453 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2012-06-20 02:49:35,453 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2012-06-20 02:49:35,453 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2012-06-20 02:49:35,453 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2012-06-20 02:49:35,453 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
2012-06-20 02:49:35,453 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-06-20 02:49:35,468 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-06-20 02:49:35,531 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-06-20 02:49:35,531 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-06-20 02:49:35,531 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2012-06-20 02:49:35,531 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2012-06-20 02:49:35,531 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-06-20 02:49:35,531 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-06-20 02:49:35,546 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-06-20 02:49:35,546 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2012-06-20 02:49:35,546 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2012-06-20 02:49:35,546 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2012-06-20 02:49:35,546 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-06-20 02:49:35,546 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2012-06-20 02:49:35,546 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2012-06-20 02:49:35,546 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2012-06-20 02:49:35,546 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2012-06-20 02:49:35,546 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2012-06-20 02:49:35,546 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2012-06-20 02:49:35,546 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
Then try Revo to uninstall AVG...
Quote:
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Please note there is a chance that when you look for this program to uninstall through Revo, it might not be listed because of the previous uninstall. If that is the case, simply stop and let me know.
- Please download and install Revo Uninstaller Free.
- Double-click Revo Uninstaller to run it.
- From the list of programs, double-click the program you want to remove.
- When prompted if you want to uninstall, click Yes.
- Be sure the Moderate option is selected, then click Next.
- The program will run. If prompted again, click Yes.
- When the built-in uninstaller is finished, click Next.
- Once the program has searched for leftovers, click Next.
- Check the items in bold only on the list, then click Delete. You may have to expand some folders by clicking the "+" mark.
- When prompted, click Yes and then Next.
- Put a check on any folders that are found and select Delete.
- When prompted, select Yes, then Next.
- Once done, click Finish.
I will try to remove AVG again.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.20.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mary Forgione :: MARY [administrator]
6/20/2012 7:48:45 PM
mbam-log-2012-06-20 (19-48-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428750
Time elapsed: 1 hour(s), 15 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\fhocdmhohpjjbaamenhbaidaoihaiflb.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.
(end)
AVG not on list.
Go ahead with Combofix.
Just want to be sure. ComboFix prompts me about possible danger running it with an active virus scanner. I should click OK and run it anyway.
Yes go ahead.
Here's the log. What do I do next?
ComboFix 12-06-21.02 - Mary Forgione 06/21/2012 21:39:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.376 [GMT -4:00]
Running from: c:\documents and settings\Mary Forgione\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Guest\Application Data\PriceGong
c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Mary Forgione\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Mary Forgione\Application Data\PriceGong
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Mary Forgione\Application Data\PriceGong\Data\z.xml
c:\program files\Freeze.com\My.Freeze.com NetAssistant\NeTAssistant.dll
c:\program files\Protector by IB\ExTEnsion32.dll
c:\program files\Shop to Win 2\ShOPpingbho.dll
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\1afb2d56
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\201d3dde
c:\windows\Installer\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7d3dafd103a8533f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\download
c:\windows\system32\download\ispinfo.csv
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 02:09 . 2012-06-22 02:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
2012-06-21 01:48 . 2012-06-21 01:52 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-21 01:48 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\program files\VS Revo Group
2012-06-20 14:15 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\mpengine.dll
2012-06-18 03:29 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 03:15 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 21:53 . 2012-06-12 21:53 -------- d-----w- C:\found.000
2012-06-10 04:29 . 2012-06-10 04:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 04:18 . 2012-06-10 04:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-10 03:27 . 2012-05-11 15:08 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-10 03:27 . 2012-05-11 15:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-06-10 03:27 . 2012-05-11 15:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-10 03:25 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-10 03:25 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-10 03:25 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-10 03:25 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\DriverCure
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\SpeedMaxPc
2012-06-10 03:08 . 2012-06-10 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-10 02:30 . 2012-06-10 02:30 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\Threat Expert
2012-06-10 01:57 . 2012-05-08 22:21 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-06-10 01:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-10 01:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-06-10 01:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-06-10 01:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-06-10 01:56 . 2012-06-10 03:27 -------- d-----w- c:\program files\PC Tools
2012-06-10 01:18 . 2012-06-10 05:07 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-10 01:18 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-10 01:18 . 2012-06-10 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-10 01:18 . 2012-06-10 01:18 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\TestApp
2012-05-26 04:13 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-26 04:13 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-05-25 15:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 17:51 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 21:47 . 2012-06-10 01:57 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 21:47 . 2012-06-10 01:57 131 ----a-w- c:\windows\IDB.zip
2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56 . 2010-12-25 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-13 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1196384047\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-06 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-06-14 01:41 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 09:40 16384 ----a-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-30 18:11 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1196384047\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 00:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-14 00:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
2007-05-03 18:12 2061816 ----a-w- c:\program files\AT&T\Internet Security Wizard\ISW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-14 00:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-14 01:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-12-29 14:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/9/2012 11:25 PM 342168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [6/9/2012 9:57 PM 575416]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [4/25/2012 8:00 PM 185856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [6/9/2012 9:57 PM 70736]
S1 axijmkwc;axijmkwc;\??\c:\windows\system32\drivers\axijmkwc.sys --> c:\windows\system32\drivers\axijmkwc.sys [?]
S1 frahugpl;frahugpl;\??\c:\windows\system32\drivers\frahugpl.sys --> c:\windows\system32\drivers\frahugpl.sys [?]
S1 gghcyyvs;gghcyyvs;\??\c:\windows\system32\drivers\gghcyyvs.sys --> c:\windows\system32\drivers\gghcyyvs.sys [?]
S1 MpKslecf76eb8;MpKslecf76eb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AA78B0A-723E-483F-A426-0F3F94D7B364}\MpKslecf76eb8.sys [?]
S1 msgxxslg;msgxxslg;\??\c:\windows\system32\drivers\msgxxslg.sys --> c:\windows\system32\drivers\msgxxslg.sys [?]
S1 ooertbom;ooertbom;\??\c:\windows\system32\drivers\ooertbom.sys --> c:\windows\system32\drivers\ooertbom.sys [?]
S1 tbdjgeud;tbdjgeud;\??\c:\windows\system32\drivers\tbdjgeud.sys --> c:\windows\system32\drivers\tbdjgeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/25/2007 6:32 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-05-04 19:43]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 22:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-21 22:53:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 02:53
.
Pre-Run: 32,680,919,040 bytes free
Post-Run: 33,734,696,960 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 812B65A5C586EF2A5E7A6CC13F4E423B
1. Please open Notepad (Start>All Programs>Accessories>Notepad).
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
File::
c:\windows\system32\drivers\axijmkwc.sys
c:\windows\system32\drivers\frahugpl.sys
c:\windows\system32\drivers\msgxxslg.sys
c:\windows\system32\drivers\gghcyyvs.sys
c:\windows\system32\drivers\ooertbom.sys
c:\windows\system32\drivers\tbdjgeud.sys
Folder::
Driver::
axijmkwc
frahugpl
gghcyyvs
MpKslecf76eb8
msgxxslg
ooertbom
tbdjgeud
Registry::
ClearJavaCache::
3. Save the above as CFScript.txt
4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Did as you said, here's the log. What next?
ComboFix 12-06-21.03 - Mary Forgione 06/22/2012 12:27:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.471 [GMT -4:00]
Running from: c:\documents and settings\Mary Forgione\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mary Forgione\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\axijmkwc.sys"
"c:\windows\system32\drivers\frahugpl.sys"
"c:\windows\system32\drivers\gghcyyvs.sys"
"c:\windows\system32\drivers\msgxxslg.sys"
"c:\windows\system32\drivers\ooertbom.sys"
"c:\windows\system32\drivers\tbdjgeud.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSLECF76EB8
-------\Service_axijmkwc
-------\Service_frahugpl
-------\Service_gghcyyvs
-------\Service_msgxxslg
-------\Service_ooertbom
-------\Service_tbdjgeud
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 10:00 . 2012-06-22 10:01 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
2012-06-21 01:48 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-21 01:48 . 2012-06-21 01:48 -------- d-----w- c:\program files\VS Revo Group
2012-06-20 14:15 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\mpengine.dll
2012-06-18 03:29 . 2012-05-08 13:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 03:15 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 21:53 . 2012-06-12 21:53 -------- d-----w- C:\found.000
2012-06-10 04:29 . 2012-06-10 04:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-10 04:18 . 2012-06-10 04:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-10 03:27 . 2012-05-11 15:08 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-10 03:27 . 2012-05-11 15:13 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-06-10 03:27 . 2012-05-11 15:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-10 03:25 . 2012-02-28 15:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-06-10 03:25 . 2012-02-28 15:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-06-10 03:25 . 2012-04-23 16:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-06-10 03:25 . 2012-04-23 16:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\DriverCure
2012-06-10 03:09 . 2012-06-10 03:09 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\SpeedMaxPc
2012-06-10 03:08 . 2012-06-10 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-10 02:30 . 2012-06-10 02:30 -------- d-----w- c:\documents and settings\Mary Forgione\Local Settings\Application Data\Threat Expert
2012-06-10 01:57 . 2012-05-08 22:21 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-06-10 01:57 . 2012-05-08 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-10 01:57 . 2012-05-08 22:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-06-10 01:57 . 2012-05-08 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-06-10 01:57 . 2012-05-08 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-06-10 01:56 . 2012-06-10 03:27 -------- d-----w- c:\program files\PC Tools
2012-06-10 01:18 . 2012-06-10 05:07 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-10 01:18 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-10 01:18 . 2012-06-10 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-10 01:18 . 2012-06-10 01:18 -------- d-----w- c:\documents and settings\Mary Forgione\Application Data\TestApp
2012-05-26 04:13 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-26 04:13 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-25 15:01 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2007-07-31 00:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-10 18:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-10 18:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-10 18:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-07-31 00:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 18:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-10 18:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-10 17:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-31 00:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-10 18:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-10 18:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-10 17:51 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 21:47 . 2012-06-10 01:57 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 21:47 . 2012-06-10 01:57 131 ----a-w- c:\windows\IDB.zip
2012-05-04 13:12 . 2004-08-10 17:51 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 03:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56 . 2010-12-25 18:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_02.45.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-22 03:11 . 2012-06-22 03:11 16384 c:\windows\Temp\Perflib_Perfdata_a4c.dat
+ 2012-06-22 16:44 . 2012-06-22 16:44 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
+ 2012-06-22 10:01 . 2012-06-02 19:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-22 10:01 . 2012-06-02 19:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-08-10 18:02 . 2012-06-02 19:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 18:02 . 2012-06-02 19:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 17:50 . 2012-06-02 19:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-10 18:02 . 2012-06-02 19:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 18:02 . 2012-06-02 19:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-10 18:02 . 2012-06-02 19:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-10 18:02 . 2012-06-02 19:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-13 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1196384047\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-04-06 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2012-05-11 2670520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-06-14 01:41 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-07-30 09:40 16384 ----a-w- c:\dell\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 12:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-30 18:11 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1196384047\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 00:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-14 00:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW.exe]
2007-05-03 18:12 2061816 ----a-w- c:\program files\AT&T\Internet Security Wizard\ISW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-14 00:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-14 01:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-12-29 14:08 1653248 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/9/2012 11:25 PM 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/9/2012 11:25 PM 342168]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/9/2012 9:18 PM 203088]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [6/9/2012 9:57 PM 575416]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [4/25/2012 8:00 PM 185856]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [6/9/2012 11:27 PM 402336]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [6/9/2012 9:57 PM 70736]
S1 MpKsl16804b37;MpKsl16804b37;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/25/2007 6:32 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2012 8:58 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/20/2012 9:48 PM 27064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 00:57]
.
2012-06-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-06-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 21:45]
.
2012-06-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-05-04 19:43]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &Dictionary - http://files.db3nf.com/scripts/ie.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 12:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(824)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\AOL\1196384047\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2012-06-22 12:50:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 16:50
ComboFix2.txt 2012-06-22 02:53
.
Pre-Run: 33,529,229,312 bytes free
Post-Run: 33,664,770,048 bytes free
.
- - End Of File - - 4B068ACC0B6330FCC2D5146B66D83DF4
Looks good.
How is the computer doing?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
[wrong log]
You posted Combofix log already.
Please read my previous reply.
I ran OTL with the script you gave. It gets hung up and stops responding while scanning hkey_local_machine\system\current control set\control\device classes\(#'s.....
Please advise. Computer is working better.
See if you can run it from safe mode.
logfile created on: 6/23/2012 11:00:10 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\Mary Forgione\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.11 Mb Total Physical Memory | 671.99 Mb Available Physical Memory | 66.33% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.67% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 32.29 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Computer Name: MARY | User Name: Mary Forgione | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/11 11:13:32 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/05/11 11:13:12 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2007/08/27 10:41:54 | 000,525,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/04/24 10:33:52 | 000,185,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Protector by IB\ExtensionUpdaterService.exe -- (Protector by IB Updater)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys -- (MpKsl16804b37)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/05/08 18:21:46 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/07/28 18:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 18:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/28 22:46:08 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2007/05/28 22:46:06 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/28 22:46:06 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1550
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{C14AC97F-ECB1-4045-A6B6-3FF164008908}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=DA5775AE-E897-47EA-BDFE-C91D50C099E6&apn_sauid=BB92DE34-7668-4DC1-89F7-3193070440EB
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8r2wCsPn&i=26
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{D5926558-0B72-4932-BEC0-C3E019FB6EFA}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{E77AFC67-DC98-4DE2-BEEE-804A860C33C7}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\SearchScopes\{F907940E-C6BD-4E3B-B844-BCEA5F4674EE}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/05 21:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Protector by IB\Firefox [2012/04/25 20:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/09 23:28:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/04/29 20:58:08 | 000,000,000 | ---D | M]
[2012/04/14 13:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Forgione\Application Data\Mozilla\Extensions
[2012/04/25 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/06/22 12:44:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1196384047\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm File not found
O8 - Extra context menu item: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{039BC112-797C-492E-B17E-B2194D804BFC}: DhcpNameServer = 167.206.251.130 167.206.251.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/23 13:23:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
[2012/06/22 13:00:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/21 21:28:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/21 21:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/21 21:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/21 21:25:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/21 21:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/20 21:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
[2012/06/20 21:48:48 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/06/20 21:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/06/20 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/20 21:47:57 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
[2012/06/19 22:29:49 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/19 22:07:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/19 22:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/19 22:01:01 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
[2012/06/13 22:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\dds.scr
[2012/06/13 22:45:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/06/13 14:17:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/06/12 17:53:56 | 000,000,000 | ---D | C] -- C:\found.000
[2012/06/10 09:35:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mary Forgione\Start Menu\Programs\Administrative Tools
[2012/06/10 00:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/10 00:18:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/09 23:27:37 | 000,254,912 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/06/09 23:27:33 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/06/09 23:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/06/09 23:27:28 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/06/09 23:25:29 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/06/09 23:25:29 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/06/09 23:25:25 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/06/09 23:25:25 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/06/09 23:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\DriverCure
[2012/06/09 23:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\SpeedMaxPc
[2012/06/09 23:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/06/09 22:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Threat Expert
[2012/06/09 21:57:21 | 000,070,736 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0641.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0625.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0603.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0601.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0600.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/06/09 21:57:20 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0641.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0625.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0603.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0601.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0600.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/06/09 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/06/09 21:18:56 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/06/09 21:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\TestApp
[2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/06/09 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/06/09 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/05/25 10:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/23 22:36:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/23 22:18:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/23 22:08:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/23 22:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/23 22:04:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 22:04:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
[2012/06/23 21:09:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 16:54:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
[2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
[2012/06/22 20:26:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\ammendment.wps
[2012/06/22 20:26:38 | 000,002,896 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\wklnhst.dat
[2012/06/22 14:08:24 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to steve1.lnk
[2012/06/22 13:00:13 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Windows Explorer (2).lnk
[2012/06/22 12:44:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 12:24:43 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
[2012/06/21 21:28:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/21 16:35:28 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\statement.wps
[2012/06/20 21:48:23 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
[2012/06/20 19:26:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/19 22:30:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/19 20:32:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
[2012/06/14 03:20:25 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:03:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 22:57:57 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\log3.wps
[2012/06/13 22:45:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\dds.scr
[2012/06/13 21:08:11 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\log2.wps
[2012/06/12 18:20:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/10 14:54:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 00:32:19 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/10 00:29:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/09 23:27:34 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/06/09 23:10:25 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to comedy.lnk
[2012/06/09 21:19:36 | 000,673,367 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/09 18:02:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/25 11:01:30 | 000,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2012/05/25 10:45:08 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/22 14:08:24 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to steve1.lnk
[2012/06/22 13:00:13 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Windows Explorer (2).lnk
[2012/06/22 12:42:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/21 21:28:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/21 21:28:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/21 21:25:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/21 21:25:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/21 21:25:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/21 21:25:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/21 21:25:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/21 17:04:49 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\ammendment.wps
[2012/06/21 10:58:54 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\statement.wps
[2012/06/11 09:44:58 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\log3.wps
[2012/06/10 18:37:38 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\log2.wps
[2012/06/10 14:54:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 00:41:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/10 00:31:58 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 23:27:34 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0641.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0625.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0603.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0601.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0600.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/06/09 21:57:20 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/06/09 21:57:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/06/09 21:57:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/06/09 21:57:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/06/09 21:19:03 | 000,673,367 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/09 18:07:49 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
[2012/06/09 18:07:30 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
[2012/06/09 17:53:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/25 10:57:15 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/05/23 21:23:58 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\dt.dat
[2012/05/14 17:00:27 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/27 21:29:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/24 15:46:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/12 14:06:54 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/09 14:53:58 | 000,129,830 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2010/09/09 14:53:58 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2009/08/15 16:17:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\fusioncache.dat
[2009/08/12 07:54:03 | 000,002,896 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Application Data\wklnhst.dat
[2009/05/03 12:12:35 | 000,008,004 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\DModem_Trace.trc
[2007/11/30 19:41:31 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/10 13:51:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
========== LOP Check ==========
[2007/12/15 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2012/05/25 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/19 20:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/03/27 16:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/18 14:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/04/25 20:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/04/25 20:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2007/11/25 18:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2012/06/10 02:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2007/11/25 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/11/29 20:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/01 18:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG Secure Search
[2012/05/01 18:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG2012
[2012/05/01 18:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\FCSB000062035
[2007/12/15 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AT&T
[2012/03/28 08:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AVG
[2012/03/27 16:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AVG2012
[2012/06/09 23:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\DriverCure
[2010/04/29 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\FCSB000062035
[2010/04/29 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\FinalMediaPlayer
[2010/09/02 13:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Image Zone Express
[2012/04/25 12:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Media Finder
[2012/06/09 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\SpeedMaxPc
[2012/04/10 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Template
[2012/06/09 21:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\TestApp
[2012/06/23 22:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\uTorrent
[2010/04/29 20:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\WeatherBug
[2012/06/23 22:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/06/23 16:54:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/12/15 13:34:13 | 010,763,084 | ---- | M] () -- C:\BellSouthIW.re~
[2010/12/25 14:52:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/06/21 21:28:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/22 12:50:56 | 000,021,896 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/25 18:04:00 | 000,006,952 | RH-- | M] () -- C:\dell.sdr
[2012/06/13 16:28:34 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2009/04/22 10:25:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/04/21 09:05:40 | 000,030,301 | ---- | M] () -- C:\install.log
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/22 10:26:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/23 22:08:15 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2012/03/15 11:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2012/06/09 21:16:32 | 000,086,940 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_09.06.2012_21.15.41_log.txt
[2012/06/10 00:01:34 | 000,089,468 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_10.06.2012_00.00.45_log.txt
[2012/06/10 00:18:14 | 000,185,200 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_10.06.2012_00.15.04_log.txt
[2010/06/24 15:05:29 | 000,000,664 | ---- | M] () -- C:\updatedatfix.log
[2012/04/25 20:00:28 | 000,000,453 | ---- | M] () -- C:\user.js
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/12/29 09:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
[2009/05/26 22:12:47 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\helpme_att.lnk
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/04/22 10:32:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/22 10:44:20 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2012/06/19 22:30:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/22 12:24:43 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
[2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
[2012/06/20 21:48:23 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\tasks\*.* >
[2012/06/20 19:26:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/06/23 22:04:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/23 21:09:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/23 22:18:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/23 22:04:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
[2012/06/19 20:32:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
[2012/06/23 22:07:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/06/23 22:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/23 16:54:10 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/04/22 10:44:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Mary Forgione\Favorites\Desktop.ini
[2009/05/26 22:12:47 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Mary Forgione\Favorites\helpme_att.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2012/06/23 22:41:30 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 20:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
OTL Extras logfile created on: 6/23/2012 11:00:10 PM - Run 1
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\Mary Forgione\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.11 Mb Total Physical Memory | 671.99 Mb Available Physical Memory | 66.33% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.67% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 32.29 Gb Free Space | 43.37% Space Free | Partition Type: NTFS
Computer Name: MARY | User Name: Mary Forgione | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Protector by IB 2.0.0.426
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.8.0
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Dictionary.com Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7B100D8-98A5-42AA-830F-16D6BD5351F1}" = My.Freeze.com NetAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATT-SST" = AT&T Self Support Tool
"Browser Defender_is1" = Browser Guard 4.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"FinalMediaPlayer_is1" = Final Media Player 2010
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PriceGong" = PriceGong 2.1.0
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"RealPlayer 15.0" = RealPlayer
"SearchAssist" = SearchAssist
"Shop to Win 2" = Shop to Win 2
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Dictionary.com Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/13/2012 10:48:27 AM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application h70k0yk0[1].exe, version 1.0.15.15641, faulting
module h70k0yk0[1].exe, version 1.0.15.15641, fault address 0x0006ab2c.
Error - 6/20/2012 10:30:17 AM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am bde,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 6/20/2012 10:13:09 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 6/21/2012 11:25:55 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 6/22/2012 1:02:34 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 6/23/2012 1:08:10 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 6/23/2012 1:08:38 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am delta,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
Error - 6/23/2012 3:13:26 PM | Computer Name = MARY | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.52.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2012 4:21:20 PM | Computer Name = MARY | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.52.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am delta,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 6/23/2012 10:10:09 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter PCTSD
Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode
Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.129.359.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%800 Update Type: %%804 User: NT AUTHORITY\NETWORK
SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
Installation of this version cannot continue. To configure or remove the existing
version of this product, use Add/Remove Programs on the Control Panel.
Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: 1.129.359.0 Previous Signature Version: 1.129.43.0 Update Source: %%815 Update
Stage: %%854 Source Path: Signature Type: %%801 Update Type: %%804 User: NT AUTHORITY\NETWORK
SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
Installation of this version cannot continue. To configure or remove the existing
version of this product, use Add/Remove Programs on the Control Panel.
Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.
Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.
Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.
Error - 6/23/2012 10:33:27 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.43.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8502.0 Error code: 0x80070666 Error description: Another
version of this product is already installed. Installation of this version cannot
continue. To configure or remove the existing version of this product, use Add/Remove
Programs on the Control Panel.
< End of report >
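One way to triage the "Last 20 Event Log Errors" section of an OTL log like the one above, as an added example that is not part of the original thread. The function names `parse_events`, `win32_errors` and `group_by_code` are hypothetical, the sample is abridged from the log posted here, and the two error descriptions are the ones the log itself prints. It re-joins wrapped descriptions, keeps only failure HRESULTs (so crash fault addresses are ignored), and reduces them to Win32 error numbers so the DCOM `%1084` entries line up with `0x8007043c`.

```python
import re

# Abridged from the "Last 20 Event Log Errors" section of the OTL log in this
# thread; long descriptions are shortened, wrapped lines are kept as wrapped.
SAMPLE = r'''
[ Application Events ]
Error - 6/13/2012 10:48:27 AM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application h70k0yk0[1].exe, version 1.0.15.15641, faulting
module h70k0yk0[1].exe, version 1.0.15.15641, fault address 0x0006ab2c.
Error - 6/20/2012 10:30:17 AM | Computer Name = MARY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070666, P2 mpupdateengine, P3 am bde,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 6/23/2012 10:10:09 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter PCTSD
Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 6/23/2012 10:33:19 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode
Error - 6/23/2012 10:33:25 PM | Computer Name = MARY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
SERVICE Current Engine Version: 1.1.8403.0 Previous Engine Version: 1.1.8502.0 Error
code: 0x80070666 Error description: Another version of this product is already installed.
'''

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
HEX32 = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
DCOM_WIN32 = re.compile(r'error "%(\d+)"')

# Descriptions as printed in the log above for these two codes.
DESCRIPTIONS = {
    1084: "This service cannot be started in Safe Mode",
    1638: "Another version of this product is already installed",
}


def parse_events(text):
    """Split the section into events, re-joining wrapped description lines."""
    events, section, current = [], None, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER.match(line)
        if m:
            current = {"section": section, "when": m.group("when"),
                       "source": m.group("source"), "id": int(m.group("id")),
                       "description": ""}
            events.append(current)
        elif current is not None and line.strip():
            piece = line.strip()
            if piece.startswith("Description = "):
                piece = piece[len("Description = "):]
            current["description"] = (current["description"] + " " + piece).strip()
    return events


def win32_errors(description):
    """Return Win32 error numbers carried by an event description.

    Only failure HRESULTs (severity bit set) with facility 7 (Win32) count,
    so fault and hang addresses such as 0x0006ab2c are not mistaken for codes.
    """
    codes = set()
    for hexval in HEX32.findall(description):
        value = int(hexval, 16)
        if value & 0x80000000 and (value >> 16) & 0x1FFF == 7:
            codes.add(value & 0xFFFF)
    codes.update(int(n) for n in DCOM_WIN32.findall(description))
    return sorted(codes)


def group_by_code(events):
    """Map each Win32 error number to the event sources that reported it."""
    grouped = {}
    for ev in events:
        for code in win32_errors(ev["description"]):
            grouped.setdefault(code, set()).add(ev["source"])
    return {code: sorted(sources) for code, sources in grouped.items()}


if __name__ == "__main__":
    for code, sources in sorted(group_by_code(parse_events(SAMPLE)).items()):
        print(code, DESCRIPTIONS.get(code, "(not described in this log)"), sources)
```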
You didn't say:
Quote:
How is computer doing?
===========================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys -- (MpKsl16804b37)
IE - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3523368890-677521806-3999189474-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
[2012/06/09 18:07:49 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@
[2012/06/09 18:07:30 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@
[2004/08/10 13:51:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\@
:Services
:Reg
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
=====================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
3. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
4. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
Computer is much improved; I will run remaining scans and post logs.
All processes killed
========== OTL ==========
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS not found.
Service MREMP50a64 stopped successfully!
Service MREMP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS not found.
Error: Unable to stop service MpKsl16804b37!
Service\Driver key MpKsl16804b37 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F0A8A315-B5FE-41B7-8D01-2583DA9806BE}\MpKsl16804b37.sys not found.
Registry value HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3523368890-677521806-3999189474-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\patttbc.att\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\L\00000004.@ moved successfully.
C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\U\00000004.@ moved successfully.
C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{5a948e11-f431-c727-d66d-db96ce9a949e}\@ moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Flash cache emptied: 113 bytes
User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 566 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1511976 bytes
->Flash cache emptied: 1187 bytes
User: Mary Forgione
->Temp folder emptied: 1216016 bytes
->Temporary Internet Files folder emptied: 134820646 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6232382 bytes
->Flash cache emptied: 47164 bytes
User: NetworkService
->Temp folder emptied: 53112 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111248 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 419636 bytes
Total Files Cleaned = 138.00 mb
[EMPTYJAVA]
User: All Users
User: Default User
User: Guest
User: LocalService
User: Mary Forgione
->Java cache emptied: 0 bytes
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
->Flash cache emptied: 0 bytes
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: Mary Forgione
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.52.0 log created on 06242012_103736
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
Farbar Service Scanner Version: 24-06-2012
Ran by Mary Forgione (administrator) on 24-06-2012 at 13:33:21
Running from "C:\Documents and Settings\Mary Forgione\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
**** End of log ****
I ran the final online scan you recommended. No threats were found.
How can I get rid of PC Tools Spyware Doctor?
I am having trouble getting virus definition updates for Microsoft Security Essentials.
Could you recommend a good free antivirus protection?
MSE is a decent program.
I suggest you reinstall and see if that solves the issue.
If not let me know.
As for PC Tools try Revo....
Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
- Please download and install Revo Uninstaller Free
- Double click Revo Uninstaller to run it.
- From the list of programs double click on the program you want to remove
- When prompted if you want to uninstall click Yes.
- Be sure the Moderate option is selected then click Next.
- The program will run. If prompted again, click Yes.
- When the built-in uninstaller is finished click on Next
- Once the program has searched for leftovers click Next.
- Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
- When prompted click on Yes and then on Next.
- Put a check on any folders that are found and select Delete
- When prompted select Yes then Next
- Once done click Finish.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
13. Please let me know how your computer is doing.
Moving along. PC Tools Spyware Doctor does not appear in the list for the uninstall program. What then?
Post new OTL log.
No custom script needed. Just click on "Quick scan" button.
Only one log will be produced.
Before I run OTL, can you tell me how to get rid of PC Tools Spyware when the program does not appear on the Revo removal tool's list of programs?
I need OTL log to remove Spyware Doctor manually.
OTL logfile created on: 6/30/2012 9:22:23 PM - Run 2
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Documents and Settings\Mary Forgione\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.11 Mb Total Physical Memory | 652.60 Mb Available Physical Memory | 64.42% Memory free
2.38 Gb Paging File | 1.63 Gb Available in Paging File | 68.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 30.12 Gb Free Space | 40.46% Space Free | Partition Type: NTFS
Computer Name: MARY | User Name: Mary Forgione | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
PRC - [2012/05/13 18:33:53 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/04/24 10:33:52 | 000,185,856 | ---- | M] () -- C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
PRC - [2012/04/05 21:41:40 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1196384047\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/11 11:13:32 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/05/11 11:13:12 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012/05/08 18:21:30 | 000,108,472 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
MOD - [2012/05/08 18:21:24 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2012/04/24 10:33:52 | 000,185,856 | ---- | M] () -- C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
MOD - [2007/08/27 10:41:54 | 000,525,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/04/24 10:33:52 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Protector by IB\ExtensionUpdaterService.exe -- (Protector by IB Updater)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/05/08 18:21:46 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/07/28 18:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 18:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/28 22:46:08 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2007/05/28 22:46:06 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/28 22:46:06 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6071126
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1550
IE - HKCU\..\SearchScopes\{C14AC97F-ECB1-4045-A6B6-3FF164008908}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=DA5775AE-E897-47EA-BDFE-C91D50C099E6&apn_sauid=BB92DE34-7668-4DC1-89F7-3193070440EB
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8r2wCsPn&i=26
IE - HKCU\..\SearchScopes\{D5926558-0B72-4932-BEC0-C3E019FB6EFA}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{E77AFC67-DC98-4DE2-BEEE-804A860C33C7}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{F907940E-C6BD-4E3B-B844-BCEA5F4674EE}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/05 21:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Protector by IB\Firefox [2012/04/25 20:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/09 23:28:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/04/29 20:58:08 | 000,000,000 | ---D | M]
[2012/04/14 13:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Forgione\Application Data\Mozilla\Extensions
[2012/04/25 20:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2126_0\
CHR - Extension: No name found = C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/06/22 12:44:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1196384047\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm File not found
O8 - Extra context menu item: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{039BC112-797C-492E-B17E-B2194D804BFC}: DhcpNameServer = 167.206.251.129 167.206.251.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Forgione\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/30 02:14:14 | 000,000,000 | ---D | C] -- C:\742fc4b384a4ccb35ab6542cc4
[2012/06/24 14:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/24 13:54:29 | 000,000,000 | ---D | C] -- C:\0f9b2de7250e67958037924b6ef13b1d
[2012/06/24 13:26:15 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\TFC.exe
[2012/06/24 10:37:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/24 01:35:54 | 000,000,000 | ---D | C] -- C:\d8380823f337fadfed
[2012/06/23 13:23:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
[2012/06/22 13:00:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/21 21:28:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/21 21:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/21 21:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/21 21:25:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/21 21:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/20 21:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\VS Revo Group
[2012/06/20 21:48:48 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/06/20 21:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/06/20 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/20 21:47:57 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
[2012/06/19 22:29:49 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/19 22:07:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/19 22:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/19 22:01:01 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
[2012/06/13 22:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\dds.scr
[2012/06/13 22:45:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/06/13 14:17:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/06/12 17:53:56 | 000,000,000 | ---D | C] -- C:\found.000
[2012/06/10 09:35:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mary Forgione\Start Menu\Programs\Administrative Tools
[2012/06/10 00:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/10 00:18:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/09 23:27:37 | 000,254,912 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/06/09 23:27:33 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/06/09 23:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/06/09 23:27:28 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/06/09 23:25:29 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/06/09 23:25:29 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/06/09 23:25:25 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/06/09 23:25:25 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/06/09 23:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\DriverCure
[2012/06/09 23:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\SpeedMaxPc
[2012/06/09 23:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/06/09 22:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\Threat Expert
[2012/06/09 21:57:21 | 000,070,736 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0641.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0625.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0603.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0601.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0600.old
[2012/06/09 21:57:20 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/06/09 21:57:20 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0641.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0625.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0603.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0601.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0600.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/06/09 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/06/09 21:18:56 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/06/09 21:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Forgione\Application Data\TestApp
[2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/06/09 17:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/06/09 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
========== Files - Modified Within 30 Days ==========
[2012/06/30 21:25:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/30 21:09:04 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 21:09:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 18:18:52 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
[2012/06/30 15:33:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 03:11:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/30 03:01:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
[2012/06/30 03:01:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/30 03:01:25 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 01:14:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/29 09:07:53 | 000,002,896 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Application Data\wklnhst.dat
[2012/06/27 19:26:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/26 20:32:03 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3523368890-677521806-3999189474-1006.job
[2012/06/26 13:38:25 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to general.lnk
[2012/06/25 21:08:32 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 13:26:23 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\TFC.exe
[2012/06/24 13:25:59 | 000,340,631 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\FSS.exe
[2012/06/24 13:25:09 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\SecurityCheck.exe
[2012/06/23 13:24:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Forgione\Desktop\OTL.exe
[2012/06/22 20:26:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\ammendment.wps
[2012/06/22 14:08:24 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to steve1.lnk
[2012/06/22 13:00:13 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Windows Explorer (2).lnk
[2012/06/22 12:44:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 12:24:43 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\ComboFix.exe
[2012/06/21 21:28:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/21 16:35:28 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\statement.wps
[2012/06/20 21:48:23 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Mary Forgione\Desktop\RevoUninProSetup.exe
[2012/06/19 22:30:09 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mary Forgione\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/06/14 03:20:25 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:03:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 22:57:57 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\log3.wps
[2012/06/13 22:45:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Forgione\Desktop\dds.scr
[2012/06/13 21:08:11 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\My Documents\log2.wps
[2012/06/10 14:54:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 00:32:19 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/10 00:29:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/09 23:27:34 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/06/09 23:10:25 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to comedy.lnk
[2012/06/09 21:19:36 | 000,673,367 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/09 18:02:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
========== Files Created - No Company Name ==========
[2012/06/26 13:38:25 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to general.lnk
[2012/06/24 13:25:35 | 000,340,631 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\FSS.exe
[2012/06/24 13:24:47 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\SecurityCheck.exe
[2012/06/23 23:32:34 | 1062,387,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/22 14:08:24 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Shortcut to steve1.lnk
[2012/06/22 13:00:13 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Desktop\Windows Explorer (2).lnk
[2012/06/22 12:42:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/21 21:28:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/21 21:28:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/21 21:25:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/21 21:25:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/21 21:25:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/21 21:25:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/21 21:25:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/21 17:04:49 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\ammendment.wps
[2012/06/21 10:58:54 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\statement.wps
[2012/06/11 09:44:58 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\log3.wps
[2012/06/10 18:37:38 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\My Documents\log2.wps
[2012/06/10 14:54:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 00:41:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/10 00:31:58 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 23:27:34 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0641.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0625.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0603.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0601.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0600.old
[2012/06/09 21:57:20 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/06/09 21:57:20 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/06/09 21:57:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/06/09 21:57:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/06/09 21:57:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/06/09 21:19:03 | 000,673,367 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/06/09 17:53:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/23 21:23:58 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\dt.dat
[2012/05/14 17:00:27 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/27 21:29:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/24 15:46:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/05/12 14:06:54 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/09 14:53:58 | 000,129,830 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2010/09/09 14:53:58 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2009/08/15 16:17:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\fusioncache.dat
[2009/08/12 07:54:03 | 000,002,896 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Application Data\wklnhst.dat
[2009/05/03 12:12:35 | 000,008,004 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\DModem_Trace.trc
[2007/11/30 19:41:31 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mary Forgione\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2007/12/15 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2012/05/25 10:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/19 20:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/03/27 16:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/18 14:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/04/25 20:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/04/25 20:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2007/11/25 18:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2012/06/10 02:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2007/11/25 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/11/29 20:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/15 13:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AT&T
[2012/03/28 08:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AVG
[2012/03/27 16:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\AVG2012
[2012/06/09 23:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\DriverCure
[2010/04/29 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\FCSB000062035
[2010/04/29 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\FinalMediaPlayer
[2010/09/02 13:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Image Zone Express
[2012/04/25 12:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Media Finder
[2012/06/09 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\SpeedMaxPc
[2012/04/10 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\Template
[2012/06/09 21:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\TestApp
[2012/06/30 21:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\uTorrent
[2010/04/29 20:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Forgione\Application Data\WeatherBug
[2012/06/30 21:25:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/06/30 18:18:52 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{659CB606-EEE8-4E82-B48C-89DCB3FB84F7}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
Run the fix listed below from Safe Mode.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
MOD - [2012/05/11 11:13:32 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/05/11 11:13:12 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012/05/08 18:21:30 | 000,108,472 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/05/08 18:21:46 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/09 23:28:28 | 000,000,000 | ---D | M]
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
[2012/06/09 23:27:37 | 000,254,912 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/06/09 23:27:33 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/06/09 23:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/06/09 23:27:28 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/06/09 23:25:29 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/06/09 23:25:29 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/06/09 23:25:25 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/06/09 23:25:25 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/06/09 21:57:21 | 000,070,736 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0641.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0625.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0603.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0601.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0600.old
[2012/06/09 21:57:20 | 000,149,432 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/06/09 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/06/09 21:18:56 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/06/09 21:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/09 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/06/09 23:27:34 | 000,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
:Services
:Reg
:Files
C:\Program Files\PC Tools
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
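An added example (not part of the original thread, and not OTL's own code): a pre-flight check that parses the SRV/DRV lines of a fix like the one above and lists the kernel drivers whose start type is Boot or System, which Windows loads before the rest of the system. The function names and the regular expression are assumptions based on the line format shown on this page.

```python
import re

# Excerpt of the SRV/DRV lines from the fix above, embedded so the example runs offline.
FIX_EXCERPT = r"""
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
DRV - [2012/05/11 11:14:20 | 000,203,088 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/05/08 18:21:46 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
"""

# Assumed line layout, taken from the lines shown on this page.
LINE_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - \[[^\]]*\] "   # entry kind, then the timestamp/size block
    r"(?:\((?P<company>[^)]*)\) )?"        # optional company name
    r"\[(?P<flags>[^\]]*)\] -- "           # type / start / state flags
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)\s*$"
)

# Windows service start types, in the order the system loads them.
LOAD_ORDER = {"Boot": 0, "System": 1, "Auto": 2, "On_Demand": 3, "Disabled": 4}


def parse_entries(fix_text):
    """Return one dict per SRV/DRV line; other line types are skipped."""
    entries = []
    for line in fix_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m.group("flags").split("|")]
        is_driver = m.group("kind") == "DRV"
        # DRV lines carry [type | start | state]; SRV lines carry [start | state].
        if len(flags) < (3 if is_driver else 2):
            continue
        entries.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "start": flags[1] if is_driver else flags[0],
            "path": m.group("path"),
        })
    return entries


def early_load_drivers(entries):
    """Drivers started by the boot loader (Boot) or during kernel init (System)."""
    early = [e for e in entries
             if e["kind"] == "DRV" and e["start"] in ("Boot", "System")]
    return sorted(early, key=lambda e: LOAD_ORDER[e["start"]])


if __name__ == "__main__":
    for e in early_load_drivers(parse_entries(FIX_EXCERPT)):
        print(f'{e["start"]:<7} {e["name"]:<8} {e["path"]}')
```
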
I ran the fix you posted and I got a blue screen that says:
A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you have seen this stop error screen, restart. If this appears again, do the following:
Check for viruses, remove newly installed drives or hard drive, check hard drive to make sure it is properly configured and terminated. Run chkdsk /f to check for hard drive corruption and then restart.
Technical information:
*** STOP: 0x0000007B (0XF7A4E528,0XC0000034,0X00000000,0X00000000)
Please advise.
Did you run the fix from safe mode?
Yes, I ran it from safe mode.
Try to run the fix one more time.
I cannot access safe mode. I cannot get past the blue screen with the error message. Can you help me get unstuck?