signmeuptoo (Premium member, joined 2001-11-22)
[Virus] Could you check these results? I just helped my neighbor with an old laptop they haven't used in a while because of an infection. A young family member (in the past) abused their trust or something and got the system infected. Here are the cleanup txt files:
MBAM:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.25.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
shaners :: SHANERS-PC [administrator]

6/25/2013 3:14:41 PM
mbam-log-2013-06-25 (15-14-41).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300319
Time elapsed: 1 hour(s), 15 minute(s), 3 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 3
C:\Users\shaners\AppData\Local\edrzxylwet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\shaners\AppData\Local\Temp\fest0r_ot.exe (Spyware.Zbot.DG) -> Quarantined and deleted successfully.
C:\Users\shaners\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
(end)
~~~
ADW:
(I thought I'd saved it; I'll go back there tomorrow and post it then. I'm at home now.)
~~~
OTL:
OTL logfile created on: 6/25/2013 4:43:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\shaners\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.54% Memory free
4.21 Gb Paging File | 2.69 Gb Available in Paging File | 63.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 229.84 Gb Free Space | 77.10% Space Free | Partition Type: NTFS

Computer Name: SHANERS-PC | User Name: shaners | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========

PRC - [2013/06/25 16:40:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shaners\Downloads\OTL.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcfgex.exe
PRC - [2011/08/05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/18 09:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/15 21:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 21:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/20 18:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
========== Modules (No Company Name) ==========

MOD - [2012/06/13 03:42:28 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/05/11 03:29:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:24:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 03:24:04 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/08 17:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
========== Services (SafeList) ==========

SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/02/15 21:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 18:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/02/15 21:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/07 02:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 C0 4C A6 42 8B CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5F9000B1-0E34-445F-B530-7E38F051D20C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=8498181C-CCE5-45ED-8C3D-F3419B28EA08&apn_sauid=DD048628-2AFB-4DCD-86BA-508ABB07FC17&
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 16:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/27 19:41:55 | 000,000,000 | ---D | M]
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6C0DBCC-9C5C-45A9-B072-EF2F0F0AB8EC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shaners\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shaners\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70cd6340-f6b6-11e0-b319-a0cb0fb0c07c}\Shell\AutoRun\command - "" = E:\AboutYourMINI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========

[2013/06/25 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\shaners\AppData\Roaming\Malwarebytes
[2013/06/25 15:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/25 15:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/25 15:13:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/25 15:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 Days ==========

[2013/06/25 16:44:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/25 16:44:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/25 16:38:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 16:38:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 16:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/25 16:36:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/25 15:13:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/25 14:13:43 | 076,670,440 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
========== Files Created - No Company Name ==========

[2013/06/25 15:13:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 12:47:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2011/12/16 09:34:19 | 000,016,384 | ---- | C] () -- C:\Users\shaners\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 19:10:41 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/11/09 19:10:41 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/10/20 16:42:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/10/20 16:42:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/10/14 23:15:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/10/14 19:59:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2011/10/14 19:59:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2011/10/14 19:59:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2011/10/14 19:59:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2011/10/14 19:59:05 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/10/14 19:55:25 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2011/10/14 19:24:31 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/10/14 19:24:28 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2011/09/06 22:23:10 | 000,000,680 | ---- | C] () -- C:\Users\shaners\AppData\Local\d3d9caps.dat
[2011/09/06 22:20:49 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========

[2012/05/27 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\shaners\AppData\Roaming\AVG2012
[2011/11/09 19:58:30 | 000,000,000 | ---D | M] -- C:\Users\shaners\AppData\Roaming\Azureus
[2011/10/14 19:21:53 | 000,000,000 | ---D | M] -- C:\Users\shaners\AppData\Roaming\TMP

========== Purity Check ==========
~~~
Extras:
OTL Extras logfile created on: 6/25/2013 4:43:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\shaners\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.54% Memory free
4.21 Gb Paging File | 2.69 Gb Available in Paging File | 63.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 229.84 Gb Free Space | 77.10% Space Free | Partition Type: NTFS

Computer Name: SHANERS-PC | User Name: shaners | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F018043-ADF1-4BDE-A7FE-666FEA0A94B7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{11D13E43-7D36-4388-93E1-8BECACD9171E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{19E4803B-3321-441E-ADA1-B8F85C768239}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{1AB1A761-51C4-4DEF-A1EA-7FA77F383E1B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{28D593D5-38B6-49C1-8C61-2E9487C3EA67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2D3FCCF5-05CC-4612-9FD5-5BE2EDA0AB5A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{370D21E0-5AD9-4127-A000-6CA415DA5373}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3C1F00A6-ACB7-4FBB-9511-04A5F8DF5371}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{444B37BF-712C-4A19-91AD-AA9DDC19C3D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{479AFFC3-6297-4AC4-98F4-3AAC20489012}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{560F991F-C2CA-4AA7-A1CC-833BE7622772}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{60BA16C9-70E8-43AA-8B20-3F475CD7BB10}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{74EDBD01-358F-4454-A5D7-94FFD797EB8B}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{7FED8F8F-FCA3-415A-A34C-F5B44099C603}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81410657-61C2-4F65-A276-64E5DE825724}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{83EFE56C-EB43-407E-860C-7CEFE330D74C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{97942DDC-7477-4C9B-941C-8824A6494E18}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{BEA8E145-B69F-478E-BD9F-D0BEB8EE6117}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C340BD73-693D-4F28-8EFE-3154CB59F25A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F70E0DFD-3EB0-441A-9528-CEFC7ACEE9BF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BCB96FE-1329-4395-9392-525CF6CDC7B3}" = AVG 2012
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PokerStars.net" = PokerStars.net
"Zune" = Zune
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 7/13/2012 12:44:48 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
Error - 7/13/2012 12:51:45 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
Error - 7/16/2012 3:17:20 PM | Computer Name = shaners-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp 0x4fc9cd53, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x1088, application start time 0x01cd63879e1f2b30.
Error - 7/16/2012 3:17:20 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
Error - 6/25/2013 2:09:45 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
Error - 6/25/2013 2:10:04 PM | Computer Name = shaners-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp 0x4fc9cd53, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x16ac, application start time 0x01ce71cf341d8761.
Error - 6/25/2013 2:10:51 PM | Computer Name = shaners-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 9.0.8112.16447, time stamp 0x4fc9cd53, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x13fc, application start time 0x01ce71cf53406870.
Error - 6/25/2013 3:09:39 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
Error - 6/25/2013 4:33:11 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
Error - 6/25/2013 4:38:36 PM | Computer Name = shaners-PC | Source = WinMgmt | ID = 10 Description =
[ Broadcom Wireless LAN Events ]
Error - 12/7/2011 10:08:12 AM | Computer Name = shaners-PC | Source = WLAN-Tray | ID = 0 Description = 09:08:12, Wed, Dec 07, 11 Error - Unable to decrypt string
Error - 3/14/2012 1:26:14 PM | Computer Name = shaners-PC | Source = WLAN-Tray | ID = 0 Description = 13:26:13, Wed, Mar 14, 12 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 10/17/2011 1:32:36 PM | Computer Name = shaners-PC | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'.
Error - 12/18/2011 1:34:35 AM | Computer Name = shaners-PC | Source = MCUpdate | ID = 0 Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'.
[ System Events ]
Error - 12/6/2011 8:33:14 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 8:33:15 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:34 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:35 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:36 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:36 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:37 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:39 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:39 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 12/6/2011 10:55:40 AM | Computer Name = shaners-PC | Source = Service Control Manager | ID = 7000 Description =
~~~
Checkup:
Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 29 [color=red]Java version out of Date![/color]
Adobe Reader 10.1.1 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgtray.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 3 % [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]
~~~
ESET:
C:\Users\shaners\AppData\Local\Google\Chrome\User Data\Default\Default\aadcddgdgddedcgbdcdcdidbdedjdcdi\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\shaners\AppData\Local\Google\Chrome\User Data\Default\Default\aadcddgdgddedcgbdcdcdidbdedjdcdi\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
My apologies for messing up and not properly saving the one file to my thumb drive; I'll get it tomorrow if I can. Thanks so much for your help!!!