[RESOLVED] WIN XP "Issues"

Printable View

Show 40 post(s) from this thread on one page

April 30th, 2013, 09:17 PM
Ron Rockwell

========== Files - Modified Within 30 Days ==========

[2013/04/30 19:55:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 19:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Salvo\Desktop\OTL.exe
[2013/04/30 19:34:46 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Jim Salvo\Desktop\JRT.exe
[2013/04/30 19:29:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2013/04/30 19:28:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2325322264-3557780802-3272613735-1006.job
[2013/04/30 19:28:26 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2325322264-3557780802-3272613735-1006.job
[2013/04/30 19:28:21 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2325322264-3557780802-3272613735-1006.job
[2013/04/30 19:28:09 | 000,068,287 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/04/30 19:26:46 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/30 19:26:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/30 19:26:41 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/30 19:26:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2013/04/30 19:03:27 | 000,628,743 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\Desktop\adwcleaner.exe
[2013/04/30 12:12:01 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/04/30 09:38:51 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B45D121E-91AE-4EF7-8FE9-57B91409F47D}.job
[2013/04/30 08:14:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2013/04/30 07:41:50 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2013/04/30 07:22:32 | 005,061,928 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim Salvo\Desktop\ComboFix.exe
[2013/04/29 21:13:27 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\Desktop\RogueKiller.exe
[2013/04/29 16:07:03 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim Salvo\Desktop\dds.com
[2013/04/29 15:54:11 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\Desktop\HiJackThis.lnk
[2013/04/29 11:03:06 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/29 11:03:06 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/29 11:02:26 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/04/29 10:38:25 | 000,068,287 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/04/27 22:57:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/27 22:57:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/04/18 13:20:30 | 000,096,168 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\My Documents\pay check 04 -19 - 2013 pdf.pdf
[2013/04/13 21:14:20 | 000,021,258 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\My Documents\mid States Bank April personal 2013.pdf
[2013/04/13 09:15:06 | 000,225,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/11 20:49:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 10:26:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/04 19:20:22 | 000,096,647 | ---- | M] () -- C:\Documents and Settings\Jim Salvo\My Documents\pay check 04 -05 - 2013 pdf.pdf
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/30 19:01:44 | 000,628,743 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Desktop\adwcleaner.exe
[2013/04/30 07:41:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/04/30 07:41:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/04/30 07:39:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/30 07:39:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/30 07:39:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/30 07:39:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/30 07:39:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/29 21:12:34 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Desktop\RogueKiller.exe
[2013/04/29 15:41:27 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Desktop\HiJackThis.lnk
[2013/04/29 11:03:05 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/29 11:03:04 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/29 11:03:03 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/29 11:02:26 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/29 11:02:26 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/04/18 13:20:30 | 000,096,168 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\My Documents\pay check 04 -19 - 2013 pdf.pdf
[2013/04/13 21:14:20 | 000,021,258 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\My Documents\mid States Bank April personal 2013.pdf
[2013/04/04 19:20:22 | 000,096,647 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\My Documents\pay check 04 -05 - 2013 pdf.pdf
[2012/09/28 11:51:46 | 000,166,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2325322264-3557780802-3272613735-1006-0.dat
[2012/09/11 07:34:39 | 000,166,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 10:58:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/13 16:49:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/01/28 23:07:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Application Data\PFP120JPR.{PB
[2007/01/28 23:07:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Application Data\PFP120JCM.{PB
[2006/02/20 17:47:26 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/02/06 11:53:30 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/22 17:12:11 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Local Settings\Application Data\fusioncache.dat
[2005/01/16 15:10:42 | 000,000,207 | ---- | C] () -- C:\Program Files\Shortcut (3) to CD Drive.lnk
[2005/01/16 15:09:32 | 000,000,207 | ---- | C] () -- C:\Program Files\Shortcut (2) to CD Drive.lnk
[2005/01/16 15:09:18 | 000,000,207 | ---- | C] () -- C:\Program Files\Shortcut to CD Drive.lnk
[2005/01/13 15:49:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jim Salvo\Application Data\QSPMShare

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/29 13:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Temp
[2013/02/27 15:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/04/16 15:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/08/12 12:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/05/01 11:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2012/08/12 12:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/01/08 16:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/04/19 19:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/10/29 13:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintProjects
[2011/04/19 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/10/29 13:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/09/10 21:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/10/29 13:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
[2006/10/23 21:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\acccore
[2005/02/06 19:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\DIMAGE
[2008/12/19 12:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\EPSON
[2013/01/09 09:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\GARMIN
[2012/08/12 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\IObit
[2005/01/22 16:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\Leadertech
[2006/10/23 21:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\MSNInstaller
[2011/04/19 20:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\ntr
[2010/09/10 16:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\PandoraRecovery
[2012/09/26 14:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim Salvo\Application Data\Temp
[2012/09/28 08:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp

========== Purity Check ==========

< End of report >
April 30th, 2013, 09:17 PM
Ron Rockwell

OTL Extras logfile created on: 4/30/2013 7:53:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jim Salvo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.23 Mb Total Physical Memory | 150.86 Mb Available Physical Memory | 19.66% Memory free
1.45 Gb Paging File | 0.67 Gb Available in Paging File | 46.24% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.63 Gb Total Space | 28.16 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
Drive E: | 502.88 Mb Total Space | 502.88 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Jim Salvo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2325322264-3557780802-3272613735-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{99E67091-D392-4031-AD2A-E9547F3615F8}" = KONICA_MINOLTA DiMAGE remote camera driver
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3AD9933-EF84-4226-B906-0E0578B14248}" = WD SmartWare
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}" = QuickBooks Customer Manager Version 2
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EFC0BA9B-F472-4559-B655-9C47281F9483}" = WD Security
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aerial Apparatus Driver Operator Study Guide_is1" = Aerial Apparatus Driver Operator Study Guide 1.3
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Essentials of Fire Fighting Study Guide_is1" = Essentials of Fire Fighting Study Guide 1.7
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Monopoly" = Monopoly
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PrintProjects" = PrintProjects
"ProInst" = Intel(R) PROSet/Wireless Software
"Pumping Apparatus Driver Operator Study Guide_is1" = Pumping Apparatus Driver Operator Study Guide 1.5
"RealPlayer 16.0" = RealPlayer
"Search Protection" = Search Protection
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2325322264-3557780802-3272613735-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2013 5:17:48 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.112:5353 16 112.1.168.192.in-addr.arpa.
PTR laptop-2.local.

Error - 4/29/2013 5:17:48 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 14 112.1.168.192.in-addr.arpa.
PTR laptop.local.

Error - 4/30/2013 4:01:07 AM | Computer Name = LAPTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 4/30/2013 7:25:34 AM | Computer Name = LAPTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 4/30/2013 8:20:29 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module wzcdlg.dll, version 5.1.2600.5512, fault address 0x00031787.

Error - 4/30/2013 8:33:33 AM | Computer Name = LAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 4/30/2013 6:07:56 PM | Computer Name = LAPTOP | Source = NativeWrapper | ID = 5000
Description =

Error - 4/30/2013 7:47:17 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.122:5353 16 122.2.168.192.in-addr.arpa.
PTR laptop-2.local.

Error - 4/30/2013 7:47:17 PM | Computer Name = LAPTOP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 14 122.2.168.192.in-addr.arpa.
PTR laptop.local.

Error - 4/30/2013 8:37:40 PM | Computer Name = LAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 4/30/2013 8:07:17 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 4/30/2013 6:07:59 PM | Computer Name = LAPTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).

Error - 4/30/2013 7:48:36 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 4/30/2013 7:48:36 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 4/30/2013 7:48:36 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating
Service service to connect.

Error - 4/30/2013 7:48:36 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 4/30/2013 8:28:01 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner
Service service to connect.

Error - 4/30/2013 8:28:01 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 4/30/2013 8:28:01 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 4/30/2013 8:28:01 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

< End of report >
April 30th, 2013, 09:32 PM
Broni
http://dev.discussions.virtualdr.forums.relay.cool/ Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:

:OTL SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JIMSAL~1\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci) IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found IE - HKU\S-1-5-21-2325322264-3557780802-3272613735-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found O2 - BHO: (Search Protection Class) - {DEE1F01A-E6A8-4740-B420-3C521F234F74} - C:\Program Files\Common Files\Search Protection\sp.dll File not found O2 - BHO: (no name) - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - No CLSID value found. O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Manage Search Protection... - {B1C5B118-8240-47a6-AE84-103B05FB5AEF} - C:\Program Files\Common Files\Search Protection\spControl.exe File not found O15 - HKU\S-1-5-21-2325322264-3557780802-3272613735-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2...nAxControl.CAB (Reg Error: Key error.) :Commands [purity] [emptytemp] [emptyjava] [emptyflash] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

http://dev.discussions.virtualdr.forums.relay.cool/ Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center
  - Windows Update
  - Windows Defender
  - Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
http://dev.discussions.virtualdr.forums.relay.cool/ Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
http://dev.discussions.virtualdr.forums.relay.cool/ Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
May 1st, 2013, 01:00 PM
Ron Rockwell

OK here are the logs,

All processes killed
========== OTL ==========
Service SDWSCService stopped successfully!
Service SDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Service SDUpdateService stopped successfully!
Service SDUpdateService deleted successfully!
File C:\Program Files\Spybot not found.
Service SDScannerService stopped successfully!
Service SDScannerService deleted successfully!
File C:\Program Files\Spybot not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\JIMSAL~1\LOCALS~1\Temp\catchme.sys not found.
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\ not found.
HKU\S-1-5-21-2325322264-3557780802-3272613735-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEE1F01A-E6A8-4740-B420-3C521F234F74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEE1F01A-E6A8-4740-B420-3C521F234F74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB9FFB4B-9680-4256-8178-5ECDB2C19B23}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB9FFB4B-9680-4256-8178-5ECDB2C19B23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B1C5B118-8240-47a6-AE84-103B05FB5AEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1C5B118-8240-47a6-AE84-103B05FB5AEF}\ not found.
Registry key HKEY_USERS\S-1-5-21-2325322264-3557780802-3272613735-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 53632 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 53673 bytes

User: Jim Salvo
->Temp folder emptied: 2411349 bytes
->Temporary Internet Files folder emptied: 674135 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 232633507 bytes
->Google Chrome cache emptied: 8213144 bytes
->Flash cache emptied: 4346 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 193746 bytes

User: NetworkService
->Temp folder emptied: 13260 bytes
->Temporary Internet Files folder emptied: 131206 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34797350 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 266.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jim Salvo
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jim Salvo
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04302013_204543

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
May 1st, 2013, 01:04 PM
Ron Rockwell

Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (for.)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
May 1st, 2013, 01:05 PM
Ron Rockwell

Farbar Service Scanner Version: 14-04-2013
Ran by Jim Salvo (administrator) on 30-04-2013 at 21:07:09
Running from "C:\Documents and Settings\Jim Salvo\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(6) IPSec(4) IWCA(12) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0C0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
May 1st, 2013, 01:08 PM
Ron Rockwell

C:\Documents and Settings\Jim Salvo\My Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
Farbar Service Scanner Version: 14-04-2013
Ran by Jim Salvo (administrator) on 30-04-2013 at 21:07:09
Running from "C:\Documents and Settings\Jim Salvo\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(6) IPSec(4) IWCA(12) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0C0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
May 1st, 2013, 01:17 PM
Ron Rockwell

The computer seems better. Will wait for more instruction.
May 1st, 2013, 07:48 PM
Broni

Eset?
May 1st, 2013, 07:55 PM
Ron Rockwell

Oops, sorry,

C:\Documents and Settings\Jim Salvo\My Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
May 1st, 2013, 07:57 PM
Broni
http://dev.discussions.virtualdr.forums.relay.cool/ Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

http://dev.discussions.virtualdr.forums.relay.cool/ Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

http://dev.discussions.virtualdr.forums.relay.cool/ 1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
- Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Do NOT post JavaRa log.
======================================

http://dev.discussions.virtualdr.forums.relay.cool/ Your computer is clean http://dev.discussions.virtualdr.forums.relay.cool/

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:

:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [emptyjava] [CLEARALLRESTOREPOINTS] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/

14. Please, let me know, how your computer is doing.
May 1st, 2013, 09:30 PM
Ron Rockwell

The system seems to be fine now. Thank you for all of the help. This has taken quite a bit of your time and I do appreciate the help.

Here is the log,

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim Salvo
->Temp folder emptied: 2289309 bytes
->Temporary Internet Files folder emptied: 1828118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98202452 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1184 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 19410 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64209512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 159.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jim Salvo
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jim Salvo
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05012013_200434

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
May 1st, 2013, 09:43 PM
Broni

Way to go!! http://dev.discussions.virtualdr.forums.relay.cool/
Good luck and stay safe :)
May 2nd, 2013, 12:10 AM
Ron Rockwell

Thank You Broni.

Saved by the Virtual Dr once again.

Cheers
May 2nd, 2013, 12:34 AM
Broni

https://discussions.virtualdr.com/

Show 40 post(s) from this thread on one page