Solved I'm having issues with a Rootkit

[the_third_curry]

I have the free version of Avast! installed on my computer and it keeps detecting a rootkit for the file "FlashPlayerUpdateService.exe". The rootkit name is "Win32:Agent-ARRQ [Trj]." Around the same time that Avast! started reporting this rootkit, my computer began to randomly reboot occasionally.

Also, I'm running Windows XP.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[the_third_curry]

Here is the DDS log:

undefinedDDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 22:30:10 on 2013-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1049 [GMT -4:00]
.
AV: Malware Defense *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb178?a=6PQHDBKRGx&I=26
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c045d1910000000000000018f335bc0e&tlver=1.4.19.19&ss=1&affID=17396
uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - c:\program files\appbario8\prxtbapp2.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - c:\program files\appbario8\prxtbapp2.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - c:\program files\specialsavings\SpecialSavingsSinged.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - c:\documents and settings\hp_administrator\application data\compitlyengine\ComplitlyEngine.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Updater For Complete Bar: {fe618700-e0ee-441e-8b1d-18ce226bb193} - c:\program files\completebartb\auxi\completebarAu.dll
TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - c:\program files\appbario8\prxtbapp2.dll
TB: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
TB: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - c:\program files\appbario8\prxtbapp2.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PlayNC Launcher] <no file>
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler] <no file>
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\babyli~1.lnk - c:\program files\vivamedia\babylion\BabyLion.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\imvu.lnk - c:\documents and settings\hp_administrator\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\hp_administrator\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dfx.lnk - c:\program files\dfx\DFX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\specialsavings\SpecialSavingsSinged.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1t2189lh.default-1374782686536\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\hp_administrator\application data\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-07-23 20:00; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program files\web assistant\Firefox
FF - ExtSQL: 2013-07-25 16:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1t2189lh.default-1374782686536\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-29 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-29 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-29 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 46808]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2012-5-30 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="c:\program files\vdmsound\\VDMSRun.pif" %1 [default=runwithvdms - 'Open' doesn't exist]
FileExt: .com: comfile="c:\program files\vdmsound\\VDMSRun.pif" %1 [default=runwithvdms - 'Open' doesn't exist]
FileExt: .exe: exefile="c:\program files\vdmsound\\VDMSRun.pif" %1 [default=runwithvdms - 'Open' doesn't exist]
ShellExec: switch.exe: Convert with Switch Sound File Converter="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-09-04 01:27:23 6583664 ----a-w- c:\program files\Alwil
2013-09-03 01:18:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 01:18:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-29 09:57:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-29 09:57:59 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-29 09:57:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-28 20:14:48 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
.
==================== Find3M ====================
.
2013-09-05 01:41:09 90112 ----a-w- c:\windows\DUMP6bf8.tmp
2013-09-02 23:14:31 90112 ----a-w- c:\windows\DUMPa2d7.tmp
2013-09-02 15:12:54 90112 ----a-w- c:\windows\DUMP6c85.tmp
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-24 03:42:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-24 03:41:57 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-24 03:41:56 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-24 03:41:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:31:05.84 ===============

 

[Broni]

Please observe forum rules.
All logs have to be pasted not attached.

 

[the_third_curry]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.03.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: CURRY [administrator]

9/4/2013 10:37:49 PM
mbam-log-2013-09-04 (22-37-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259118
Time elapsed: 10 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Broni]

Please read my previous reply.

 

[the_third_curry]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2010 6:06:45 PM
System Uptime: 9/4/2013 10:15:15 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 1803/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 16.441 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.938 GiB free.
E: is CDROM ()
F: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1263: 6/7/2013 3:56:02 AM - System Checkpoint
RP1264: 6/8/2013 4:02:08 AM - System Checkpoint
RP1265: 6/9/2013 4:55:20 AM - System Checkpoint
RP1266: 6/10/2013 5:53:41 AM - System Checkpoint
RP1267: 6/11/2013 5:55:26 AM - System Checkpoint
RP1268: 6/12/2013 3:00:36 AM - Software Distribution Service 3.0
RP1269: 6/13/2013 4:06:44 AM - System Checkpoint
RP1270: 6/14/2013 4:08:09 AM - System Checkpoint
RP1271: 6/15/2013 4:34:37 AM - System Checkpoint
RP1272: 6/16/2013 5:34:41 AM - System Checkpoint
RP1273: 6/17/2013 5:45:42 AM - System Checkpoint
RP1274: 6/18/2013 6:41:32 AM - System Checkpoint
RP1275: 6/19/2013 6:46:02 AM - System Checkpoint
RP1276: 6/20/2013 7:46:05 AM - System Checkpoint
RP1277: 6/21/2013 8:46:07 AM - System Checkpoint
RP1278: 6/22/2013 9:43:50 AM - System Checkpoint
RP1279: 6/23/2013 9:46:10 AM - System Checkpoint
RP1280: 6/24/2013 9:49:26 AM - System Checkpoint
RP1281: 6/25/2013 9:50:40 AM - System Checkpoint
RP1282: 6/26/2013 9:50:58 AM - System Checkpoint
RP1283: 6/27/2013 9:56:26 AM - System Checkpoint
RP1284: 6/28/2013 9:59:13 AM - System Checkpoint
RP1285: 6/29/2013 10:56:31 AM - System Checkpoint
RP1286: 6/30/2013 11:56:31 AM - System Checkpoint
RP1287: 7/1/2013 3:49:23 PM - System Checkpoint
RP1288: 7/2/2013 10:23:18 PM - System Checkpoint
RP1289: 7/4/2013 2:03:41 AM - System Checkpoint
RP1290: 7/5/2013 3:28:37 AM - System Checkpoint
RP1291: 7/6/2013 4:01:08 AM - System Checkpoint
RP1292: 7/7/2013 4:19:24 AM - System Checkpoint
RP1293: 7/8/2013 5:18:44 AM - System Checkpoint
RP1294: 7/9/2013 6:18:45 AM - System Checkpoint
RP1295: 7/9/2013 3:13:59 PM - Installed The Sims 3
RP1296: 7/10/2013 4:34:53 PM - System Checkpoint
RP1297: 7/11/2013 3:00:24 AM - Software Distribution Service 3.0
RP1298: 7/12/2013 4:04:54 AM - System Checkpoint
RP1299: 7/13/2013 4:20:08 AM - System Checkpoint
RP1300: 7/13/2013 5:15:19 PM - Installed TheSims3EP9
RP1301: 7/14/2013 3:00:23 AM - Software Distribution Service 3.0
RP1302: 7/15/2013 3:12:35 AM - System Checkpoint
RP1303: 7/16/2013 3:37:05 AM - System Checkpoint
RP1304: 7/17/2013 4:37:07 AM - System Checkpoint
RP1305: 7/18/2013 5:02:47 AM - System Checkpoint
RP1306: 7/19/2013 5:07:19 AM - System Checkpoint
RP1307: 7/20/2013 6:07:23 AM - System Checkpoint
RP1308: 7/21/2013 7:07:25 AM - System Checkpoint
RP1309: 7/22/2013 8:07:27 AM - System Checkpoint
RP1310: 7/23/2013 8:56:44 AM - System Checkpoint
RP1311: 7/23/2013 11:41:11 PM - Removed Java 7 Update 15
RP1312: 7/25/2013 12:04:55 AM - System Checkpoint
RP1313: 7/26/2013 4:17:11 AM - System Checkpoint
RP1314: 7/27/2013 4:56:52 AM - System Checkpoint
RP1315: 7/28/2013 5:44:46 AM - System Checkpoint
RP1316: 7/29/2013 5:49:14 AM - System Checkpoint
RP1317: 7/30/2013 6:49:16 AM - System Checkpoint
RP1318: 7/31/2013 12:05:09 PM - System Checkpoint
RP1319: 8/1/2013 12:23:50 PM - System Checkpoint
RP1320: 8/2/2013 12:46:27 PM - System Checkpoint
RP1321: 8/3/2013 1:08:31 PM - System Checkpoint
RP1322: 8/4/2013 1:28:43 PM - System Checkpoint
RP1323: 8/5/2013 4:04:49 PM - System Checkpoint
RP1324: 8/6/2013 10:00:02 PM - System Checkpoint
RP1325: 8/8/2013 12:51:15 AM - System Checkpoint
RP1326: 8/9/2013 2:42:49 AM - System Checkpoint
RP1327: 8/10/2013 3:20:28 AM - System Checkpoint
RP1328: 8/11/2013 3:52:50 AM - System Checkpoint
RP1329: 8/12/2013 4:10:37 AM - System Checkpoint
RP1330: 8/13/2013 4:18:52 AM - System Checkpoint
RP1331: 8/14/2013 4:56:12 AM - System Checkpoint
RP1332: 8/15/2013 3:00:41 AM - Software Distribution Service 3.0
RP1333: 8/16/2013 3:37:07 AM - System Checkpoint
RP1334: 8/17/2013 3:41:07 AM - System Checkpoint
RP1335: 8/18/2013 4:18:57 AM - System Checkpoint
RP1336: 8/19/2013 4:45:02 AM - System Checkpoint
RP1337: 8/20/2013 4:47:34 AM - System Checkpoint
RP1338: 8/21/2013 5:37:13 AM - System Checkpoint
RP1339: 8/22/2013 6:49:35 AM - System Checkpoint
RP1340: 8/23/2013 7:14:16 AM - System Checkpoint
RP1341: 8/24/2013 7:30:01 AM - System Checkpoint
RP1342: 8/25/2013 8:00:45 AM - System Checkpoint
RP1343: 8/26/2013 10:06:26 AM - System Checkpoint
RP1344: 8/27/2013 11:29:26 AM - System Checkpoint
RP1345: 8/28/2013 11:53:42 AM - System Checkpoint
RP1346: 8/28/2013 3:40:16 PM - Software Distribution Service 3.0
RP1347: 8/29/2013 4:34:03 PM - System Checkpoint
RP1348: 8/30/2013 4:43:23 PM - System Checkpoint
RP1349: 8/31/2013 5:12:43 PM - System Checkpoint
RP1350: 12/31/2005 11:40:03 PM - System Checkpoint
RP1351: 9/1/2013 8:15:04 PM - System Checkpoint
RP1352: 9/2/2013 10:31:34 PM - System Checkpoint
RP1353: 9/3/2013 11:26:20 PM - System Checkpoint
.
==== Installed Programs ======================
.
Leawo MP4 Converter version 4.1.0.1
001 Game Creator 1.010.009
32 Bit HP CIO Components Installer
Adobe Acrobat Reader 3.01
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.5
AIO_Scan
Amazon MP3 Downloader 1.0.17
Amazon MP3 Uploader
appbario8 Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0
AutoUpdate
avast! Free Antivirus
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Bonjour
BufferChm
CCleaner
CDBurnerXP
Civil War Generals II
CloneCD
CompitlyEngine
Complete Bar
Copy
CopyTrans Suite Remove Only
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
CustomerResearchQFolder
D-Fend Reloaded 0.6.1 (deinstall)
Data Fax SoftModem with SmartCP
Destination Component
DeviceDiscovery
DFX
DivX
DivxToDVD 0.5.2b
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Dragonsphere
EA SPORTS Game Face Browser Plugin 1.8.0.0
Enhanced Multimedia Keyboard Solution
ExpressFiles
F4100
F4100_doccd
F4100_Help
Facebook Plug-In
ffdshow [rev 2527] [2008-12-19]
Free Mp3 Wma Converter V 2.2
FullDPAppQFolder
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Smart Web Printing
HPPhotoSmartExpress
HpSdpAppCoreApp
HxD Hex Editor version 1.7.7.0
IB Updater Service
ImTOO iPhone Transfer Plus
Incredibar Toolbar on IE
InstantShareDevices
iTunes
Java 7 Update 25
Java Auto Updater
K-Lite Codec Pack 7.6.0 (Basic)
LAME v3.99.3 (for Windows)
LibreOffice 3.5
LibreOffice 3.5 Help Pack (English)
LibUSB-Win32-0.1.10.1
LightScribe System Software 1.14.19.1
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
MediaProSoft Free HD Video Converter 5.2.3
Medieval Total War
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (June 2010)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MixPad Audio Mixer
MobileMe Control Panel
MotioninJoy ds3 driver version 0.6.0005
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBee
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NCsoft Launcher
Nero 7 Essentials
neroxml
NetZero For Cosmi
NVIDIA Drivers
OpenAL
OpenXcom 0.9
OptionalContentQFolder
Origin
Paint.NET v3.5.10
Pando Media Booster
PC-Doctor 5 for Windows
PhotoFiltre
PhotoGallery
Portal
Project64 1.6
PSSWCORE
Python 2.2.3
QuickTime
RandMap
RCA Detective™ 2.0.0.99
RCA easyRip 2.2.1.0
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale - Demo
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SketchUp 8
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SpecialSavings
Status
Steam
SUPERAntiSpyware
Switch Sound File Converter
System Requirements Lab
The Sims 2 Pets
The Sims 2 University
The Sims Medieval
The Sims Medieval Pirates and Nobles
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 Seasons
The Sims™ 3
The Sims™ 3 Master Suite Stuff
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 Town Life Stuff
The Sims™ 3 University Life
Toolbox
TrayApp
UFO:AI 2.3.1
UFO2000 Beta
Ultima 4 - Quest of the Avatar
Unity Web Player
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VDMSound 2.0.4
Videora iPhone 4 Converter 6
Videora iPod touch Converter 6
VideoToolkit01
Vivitar Experience Image Manager
WavePad Sound Editor
Web Assistant 2.0.0.603
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Winter Voices - Demo
X-COM: Apocalypse
X-COM: Terror from the Deep
X-COM: UFO Defense
YouTube Downloader App 3.00
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
8/29/2013 5:57:30 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/29/2013 5:55:02 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

 

[Broni]

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[the_third_curry]

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Remove -- Date : 09/04/2013 23:11:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [-] -> KILLED [TermProc]
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\arpwrmsg.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([Address] sfsync02.sys @ 0xBA0E98B4)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
173.192.170.88 drghwaweg45j4i6u3q32fg2h.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 54af42b1eaf13fdff2f97ce536483fde
[BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467869 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 958196925 | Size: 9067 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09042013_231122.txt >>
RKreport[0]_S_09042013_231050.txt

 

[the_third_curry]

RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 09/04/2013 23:10:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [-] -> KILLED [TermProc]
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\arpwrmsg.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([Address] sfsync02.sys @ 0xBA0E98B4)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
173.192.170.88 drghwaweg45j4i6u3q32fg2h.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 54af42b1eaf13fdff2f97ce536483fde
[BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467869 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 958196925 | Size: 9067 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09042013_231050.txt >>

 

[the_third_curry]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 2078781440, free: 747851776

Downloaded database version: v2013.09.04.08
Downloaded database version: v2013.08.06.01
Initializing...
=======================================
------------ Kernel report ------------
09/04/2013 23:16:22
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
sfsync02.sys
VolSnap.sys
iaStor.sys
atapi.sys
ftsata2.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
bb-run.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sfhlp02.sys
sfdrv01.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\aracpi.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\ElbyCDFL.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\arkbcfltr.sys
\SystemRoot\system32\DRIVERS\arpolicy.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\libusb0.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\arhidfltr.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\armoucfltr.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff89282030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xffffffff8a72a2b8
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff898deab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8a3d7ea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff898de030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff8a3e8ea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8929fab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff8a3e5550
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a785ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff8a6fd940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a785ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6dea10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a785ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6e0490, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a6fd940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 958196862
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 958196925 Numsec = 18571140

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8929fab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89ca3750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8929fab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3e5550, DeviceName: \Device\00000085\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff898de030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89c6b750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff898de030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3e8ea0, DeviceName: \Device\00000086\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff898deab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89caa750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff898deab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3d7ea0, DeviceName: \Device\00000087\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff89282030, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89c38750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89282030, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a72a2b8, DeviceName: \Device\00000088\, DriverName: \Driver\usbstor\
------------ End ----------
Scan finished

 

[the_third_curry]

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: CURRY [administrator]

9/4/2013 11:16:34 PM
mbar-log-2013-09-04 (23-16-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 270040
Time elapsed: 37 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

[Broni]

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[the_third_curry]

ComboFix 13-09-04.04 - HP_Administrator 09/05/2013 20:38:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1239 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Computer Programs and Antivirus\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\CompitlyEngine\CoMPlitlyengine.dll
c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Savings Sidekick
c:\documents and settings\HP_Administrator\Recent\ADP iPayStatements Login(2).url
c:\documents and settings\HP_Administrator\Recent\ADP iPayStatements Login(3).url
c:\documents and settings\HP_Administrator\WINDOWS
c:\hp\bin\cloaker.exe
C:\install.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETC1.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MOUSEDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2013-08-06 to 2013-09-06 )))))))))))))))))))))))))))))))
.
.
2013-09-05 03:16 . 2013-09-05 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-05 03:00 . 2013-09-05 03:00 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-04 01:27 . 2013-09-04 00:10 6583664 ----a-w- c:\program files\Alwil
2013-09-03 01:18 . 2013-09-03 01:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 01:18 . 2013-09-03 01:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-29 09:57 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-29 09:57 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-29 09:57 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-28 20:14 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 01:41 . 2010-01-06 00:57 90112 ----a-w- c:\windows\DUMP6bf8.tmp
2013-09-02 23:14 . 2010-01-06 00:57 90112 ----a-w- c:\windows\DUMPa2d7.tmp
2013-09-02 15:12 . 2010-01-06 00:57 90112 ----a-w- c:\windows\DUMP6c85.tmp
2013-08-30 07:48 . 2010-07-12 00:20 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-07-12 00:20 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2011-02-24 14:16 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-07-12 00:20 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2010-07-12 00:20 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2010-07-12 00:19 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2010-07-12 00:19 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-03 18:18 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47 . 2004-08-10 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2013-07-24 03:42 . 2013-07-24 03:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-24 03:41 . 2013-07-24 03:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-24 03:41 . 2012-08-23 18:12 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-24 03:41 . 2010-08-26 16:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37 . 2004-08-10 04:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-10 11:00 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-10 11:00 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files\appbario8\prxtbapp2.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2013-04-14 12:35 231712 ----a-w- c:\program files\appbario8\prxtbapp2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-06-30 20:36 170840 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files\appbario8\prxtbapp2.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0CC09160-108C-4759-BAB1-5C12C216E005}"= "c:\program files\appbario8\prxtbapp2.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-30 4760816]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-05-04 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"Easy Dock"="c:\documents and settings\HP_Administrator\My Documents\RCA easyRip\EZDock.exe" [2009-05-08 573440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-03-26 455800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe [2011-3-4 942592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DFX.lnk - c:\program files\DFX\DFX.exe -startup [2012-4-13 1060776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear - demo\\recettear.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear - demo\\custom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\winter voices - demo\\WinterVoices Demo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57856:TCP"= 57856:TCPando Media Booster
"57856:UDP"= 57856:UDPando Media Booster
"58493:TCP"= 58493:TCPando Media Booster
"58493:UDP"= 58493:UDPando Media Booster
"57359:TCP"= 57359:TCPando Media Booster
"57359:UDP"= 57359:UDPando Media Booster
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [8/29/2013 5:57 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [8/29/2013 5:57 AM 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/24/2011 10:16 AM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/11/2010 8:20 PM 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/11/2010 8:20 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/29/2013 5:57 AM 66336]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/30/2012 8:12 PM 33792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 15:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 00:25 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\AdobeFlashPlayerUpdate 2.job
- c:\windows\system32\FlashPlayerUpdateService.exe [2013-08-28 13:05]
.
2013-09-06 c:\windows\Tasks\AdobeFlashPlayerUpdate.job
- c:\windows\system32\FlashPlayerUpdateService.exe [2013-08-28 13:05]
.
2013-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-09-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-05 07:47]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 00:50]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 00:50]
.
2012-10-19 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2012-02-13 20:16]
.
2013-08-14 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-02-13 20:15]
.
2013-01-29 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-13 20:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb178?a=6PQHDBKRGx&I=26
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\SpecialSavings\SpecialSavingsSinged.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - ExtSQL: 2013-07-23 20:00; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program files\Web Assistant\Firefox
FF - ExtSQL: 2013-07-25 16:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-PCDrProfiler - (no file)
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\BabyLion762134159.lnk - c:\program files\VivaMedia\BabyLion\BabyLion.exe
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk - c:\documents and settings\HP_Administrator\Application Data\IMVUClient\IMVUQualityAgent.exe "--startup"
c:\documents and settings\Default User\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat
c:\documents and settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk - c:\hp\bin\cloaker.exe c:\hp\bin\PinMcLnkToStart.bat
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PhotoFiltre - c:\documents and settings\HP_Administrator\Desktop\PhotoFiltre\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-05 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\_avast_\unp228968626.tmp 229912 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-457584821-1354706999-2925213881-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(268)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2013-09-05 20:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-06 00:55
.
Pre-Run: 17,822,044,160 bytes free
Post-Run: 23,257,726,976 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3521A5674EA3B0075EA2F291B8D0425E
8F558EB6672622401DA993E1E865C861

 

[Broni]

Looks good.

Is Avast still complaining?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[the_third_curry]

Yes, Avast is still complaining. Could it be some sort of false positive?

 

[Broni]

Let's wait until we're totally done.

 

[the_third_curry]

# AdwCleaner v3.002 - Report created 06/09/2013 at 11:37:31
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - CURRY
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\pc performer manager
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\completebartb
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\FreeRIP3
Folder Deleted : C:\Program Files\SpecialSavings
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\appbario8
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\appbario8
Folder Deleted : C:\Documents and Settings\HP_Administrator\IECompatCache
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\appbario8
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\completebartb
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpecialSavings
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\bprotector_extensions.sqlite
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\completebartb.xml
File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKCU\Software\86dadce03de540
Key Deleted : HKLM\SOFTWARE\86dadce03de540
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64C54209-175C-454D-9291-AC46D4D952CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE618700-E0EE-441E-8B1D-18CE226BB193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64C54209-175C-454D-9291-AC46D4D952CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE618700-E0EE-441E-8B1D-18CE226BB193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64C54209-175C-454D-9291-AC46D4D952CF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE618700-E0EE-441E-8B1D-18CE226BB193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64C54209-175C-454D-9291-AC46D4D952CF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE618700-E0EE-441E-8B1D-18CE226BB193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D19AB942-E6B9-4B63-A62A-D196D979824F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{012CB5AB-7360-44DA-8D95-BC6C4BA7838E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A548EDE-BC8E-4F69-93BD-228E1A8A2BFD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Key Deleted : HKCU\Software\completebartb
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\appbario8
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\WNLT
Key Deleted : HKLM\Software\appbario8
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\completebartb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\completebartb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpecialSavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\appbario8 Toolbar
Product Deleted : Google Update Helper

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\prefs.js ]


[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qx7h9un4.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17304 octets] - [06/09/2013 11:34:47]
AdwCleaner[S0].txt - [17617 octets] - [06/09/2013 11:37:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17678 octets] ##########

 

[the_third_curry]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on Fri 09/06/2013 at 11:51:41.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-457584821-1354706999-2925213881-1007\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{51FD6F31-C0A7-440B-FB7E-82A5FFE11EEA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CCA2E75-7B36-444D-9BA2-1DC4F27916AA}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Application Data\red kawa"
Successfully deleted: [Folder] "C:\Program Files\red kawa"



~~~ FireFox

Successfully deleted: [File] C:\user.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/06/2013 at 11:56:50.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[the_third_curry]

OTL logfile created on: 9/6/2013 2:57:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.07% Memory free
3.72 Gb Paging File | 3.20 Gb Available in Paging File | 85.87% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.90 Gb Total Space | 25.99 Gb Free Space | 5.69% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.94 Gb Free Space | 10.61% Space Free | Partition Type: FAT32

Computer Name: CURRY | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/05 22:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus\OTL.exe
PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/07/30 10:21:39 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/07/23 23:41:59 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/19 10:52:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/01/09 12:40:26 | 000,942,592 | ---- | M] (Audiovox Electronics Corp.) -- C:\Documents and Settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/13 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/06 11:18:50 | 002,098,176 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13090601\algo.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/08/03 02:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll


========== Services (SafeList) ==========

SRV - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/17 03:12:52 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 23:41:59 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/19 10:52:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/06/15 02:42:04 | 003,608,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 03:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 03:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/08/30 03:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\Facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\HP_Administrator\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/03 20:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/20 17:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 17:24:07 | 000,000,000 | ---D | M]

[2010/04/18 15:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/04/18 15:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2013/08/23 22:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\extensions
[2013/07/25 16:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\q1tatk42.default-1365552406388\extensions
[2013/07/25 16:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\q1tatk42.default-1365552406388\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/08/23 22:20:27 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/22 21:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013/05/20 17:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 03:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Wallet Service = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

O1 HOSTS File: ([2013/09/05 20:48:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\HP_Administrator\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)
O4 - HKLM..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray File not found
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DFX.lnk = C:\Program Files\DFX\DFX.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/31 19:30:27 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\Autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/06 11:51:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/06 11:51:17 | 001,028,823 | ---- | C] (Thisisu) -- C:\Documents and Settings\HP_Administrator\Desktop\JRT_NEW.exe
[2013/09/06 11:34:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/05 20:33:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/05 20:31:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/05 20:31:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/05 20:31:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/05 20:31:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/05 20:30:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/05 20:30:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/04 23:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/04 23:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\mbar
[2013/09/04 23:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
[2013/09/04 22:29:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
[2013/09/03 21:27:23 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Files\Alwil
[2013/08/29 05:57:58 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/22 05:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Jacob#803-468-6498
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/06 15:00:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate.job
[2013/09/06 14:25:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/06 13:37:21 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Word 2007.lnk
[2013/09/06 13:14:23 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/06 13:05:58 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/06 13:05:50 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate 2.job
[2013/09/06 13:05:25 | 000,043,569 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/09/06 13:05:20 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/06 13:05:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/06 13:05:15 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/06 12:42:33 | 005,587,904 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Long Arm of Love.mp3
[2013/09/05 23:32:44 | 001,028,823 | ---- | M] (Thisisu) -- C:\Documents and Settings\HP_Administrator\Desktop\JRT_NEW.exe
[2013/09/05 20:52:49 | 000,523,280 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/05 20:52:49 | 000,096,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/05 20:48:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/05 20:33:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013/09/04 22:32:25 | 000,006,765 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
[2013/09/04 22:29:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
[2013/09/03 20:12:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/03 20:10:41 | 006,583,664 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil
[2013/09/02 19:27:47 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/01 19:28:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/30 13:12:06 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Email.lnk
[2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/30 03:48:13 | 000,177,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/30 03:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/30 03:48:12 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/30 03:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/30 03:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/08/29 05:58:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/08/29 05:58:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/08/29 05:58:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/08/27 15:19:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/16 09:50:59 | 001,762,774 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bartagame_fcm.jpg
[2013/08/15 14:33:19 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2013/08/15 03:17:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 17:16:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/06 12:42:32 | 005,587,904 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Long Arm of Love.mp3
[2013/09/05 20:31:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/05 20:31:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/05 20:31:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/05 20:31:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/05 20:31:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/04 22:32:25 | 000,006,765 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
[2013/08/29 05:58:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/08/29 05:58:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/08/29 05:58:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/08/29 05:57:59 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/29 05:57:59 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/28 14:01:27 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate 2.job
[2013/08/28 14:01:26 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate.job
[2013/08/16 09:50:57 | 001,762,774 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bartagame_fcm.jpg
[2013/08/14 17:16:52 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/30 20:12:59 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2012/02/27 16:26:51 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/02/14 19:29:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/07 16:37:55 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2011/11/03 12:48:44 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/06/13 09:31:55 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/07 11:29:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.NANotifyHere
[2010/01/13 11:09:00 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2010/01/05 22:06:39 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 19:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/30 23:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/05 22:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2013/05/21 15:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/07/11 20:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/09/11 13:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvisoft
[2011/06/08 17:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012/05/03 10:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2006/07/31 19:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/02/05 12:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2012/05/21 14:50:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/12/15 19:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/12/08 07:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/04/12 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2011/09/18 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/01/06 10:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/08/02 16:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2013/05/19 17:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2013/05/04 17:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/08/23 14:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/05 20:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/07/31 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tipard Studio
[2012/02/10 22:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2013/04/10 22:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/07/26 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/07/31 18:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2010/12/10 23:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >

 

[the_third_curry]

OTL Extras logfile created on: 9/6/2013 2:57:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.07% Memory free
3.72 Gb Paging File | 3.20 Gb Available in Paging File | 85.87% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.90 Gb Total Space | 25.99 Gb Free Space | 5.69% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.94 Gb Free Space | 10.61% Space Free | Partition Type: FAT32

Computer Name: CURRY | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57856:TCP" = 57856:TCP:*:Enabledando Media Booster
"57856:UDP" = 57856:UDP:*:Enabledando Media Booster
"58493:TCP" = 58493:TCP:*:Enabledando Media Booster
"58493:UDP" = 58493:UDP:*:Enabledando Media Booster
"57359:TCP" = 57359:TCP:*:Enabledando Media Booster
"57359:UDP" = 57359:UDP:*:Enabledando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"57856:TCP" = 57856:TCP:*:Enabledando Media Booster
"57856:UDP" = 57856:UDP:*:Enabledando Media Booster
"58493:TCP" = 58493:TCP:*:Enabledando Media Booster
"58493:UDP" = 58493:UDP:*:Enabledando Media Booster
"57359:TCP" = 57359:TCP:*:Enabledando Media Booster
"57359:UDP" = 57359:UDP:*:Enabledando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabledando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe" = C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep -- ()
"C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe" = C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe:*:Enabled:X-COM: Apocalypse -- (DOSBox Team)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- (Easygamestation)
"C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- ()
"C:\Program Files\Steam\steamapps\common\winter voices - demo\WinterVoices Demo.exe" = C:\Program Files\Steam\steamapps\common\winter voices - demo\WinterVoices Demo.exe:*:Enabled:Winter Voices - Demo -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabledando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{0E8E4718-0702-4D33-B007-5E95849BAB3C}" = LibreOffice 3.5
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo MP4 Converter version 4.1.0.1
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0005
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B4BD24-B33F-429B-AE16-06E325195D46}" = LibreOffice 3.5 Help Pack (English)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95B8C1B9-FAB2-4F2B-976A-D0CE7290B5A1}" = MusicBee
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E11BD6A7-5046-4D25-ABCB-386A54F71033}" = Nero 7 Essentials
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Civil War Generals II" = Civil War Generals II
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.amazon.music.uploader" = Amazon MP3 Uploader
"CompitlyEngine_is1" = CompitlyEngine
"D-Fend Reloaded" = D-Fend Reloaded 0.6.1 (deinstall)
"DFX" = DFX
"Dragonsphere_is1" = Dragonsphere
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"ImTOO iPhone Transfer Plus" = ImTOO iPhone Transfer Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Map001" = 001 Game Creator 1.010.009
"MediaProSoft Free HD Video Converter_is1" = MediaProSoft Free HD Video Converter 5.2.3
"Medieval Total War" = Medieval Total War
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenXcom" = OpenXcom 0.9
"Origin" = Origin
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA easyRip_is1" = RCA easyRip 2.2.1.0
"Steam App 400" = Portal
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 72910" = Winter Voices - Demo
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7660" = X-COM: Apocalypse
"Steam App 7760" = X-COM: UFO Defense
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"UFO:Alien Invasion" = UFO:AI 2.3.1
"UFO2000 Beta" = UFO2000 Beta
"Ultima 4 - Quest of the Avatar_is1" = Ultima 4 - Quest of the Avatar
"Videora iPhone 4 Converter" = Videora iPhone 4 Converter 6
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 3.00
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.8.0.0
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2013 9:58:34 AM | Computer Name = CURRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/29/2013 11:00:33 AM | Computer Name = CURRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/29/2013 8:19:06 PM | Computer Name = CURRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2013 4:00:43 PM | Computer Name = CURRY | Source = Application Error | ID = 1000
Description = Faulting application softwareupdate.exe, version 2.1.3.127, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 8/3/2013 5:09:30 PM | Computer Name = CURRY | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting
module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988.

Error - 8/9/2013 6:52:04 PM | Computer Name = CURRY | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 28.0.1500.95, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2013 6:52:27 PM | Computer Name = CURRY | Source = Application Hang | ID = 1001
Description = Fault bucket -557131772.

Error - 8/15/2013 3:55:47 AM | Computer Name = CURRY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 8/24/2013 1:38:16 PM | Computer Name = CURRY | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.6.602.180,
faulting module FlashPlayerUpdateService.exe, version 11.6.602.180, fault address
0x0000383f.

Error - 8/26/2013 3:10:06 PM | Computer Name = CURRY | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 11.0.3.42, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 9/26/2010 5:58:58 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/17/2010 8:42:05 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 10476 seconds with 4620 seconds of active time. This session ended with
a crash.

Error - 2/6/2011 8:10:39 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 10225 seconds with 9960 seconds of active time. This session ended with
a crash.

Error - 4/11/2011 7:24:06 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 7505 seconds with 3720 seconds of active time. This session ended with a
crash.

Error - 6/10/2011 5:22:45 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1423 seconds with 1380 seconds of active time. This session ended with a
crash.

Error - 6/16/2011 7:59:37 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1447 seconds with 1380 seconds of active time. This session ended with a
crash.

Error - 2/14/2012 6:54:43 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 10335 seconds with 4080 seconds of active time. This session ended with
a crash.

Error - 5/1/2012 4:55:51 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/21/2012 9:53:06 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7969
seconds with 4740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/5/2013 4:05:15 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the libusbd service.

Error - 9/5/2013 8:22:27 PM | Computer Name = CURRY | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
00000000, parameter4 8050c743.

Error - 9/5/2013 8:48:42 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/5/2013 9:00:08 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7000
Description = The Adobe Flash Player Update Service service failed to start due
to the following error: %%3

Error - 9/5/2013 11:01:55 PM | Computer Name = CURRY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/5/2013 11:01:55 PM | Computer Name = CURRY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/6/2013 10:39:10 AM | Computer Name = CURRY | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
00000000, parameter4 8050c743.

Error - 9/6/2013 11:00:09 AM | Computer Name = CURRY | Source = Service Control Manager | ID = 7000
Description = The Adobe Flash Player Update Service service failed to start due
to the following error: %%3

Error - 9/6/2013 11:40:54 AM | Computer Name = CURRY | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/6/2013 2:00:11 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7000
Description = The Adobe Flash Player Update Service service failed to start due
to the following error: %%3


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[the_third_curry]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56475 bytes

User: HP_Administrator
->Temp folder emptied: 8753551 bytes
->Temporary Internet Files folder emptied: 3943481 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 277401092 bytes
->Google Chrome cache emptied: 6182034 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 57437 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 360448 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 148706676 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 425.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09062013_203127

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[Broni]

The above log is incomplete.
Please post complete log.

 

[the_third_curry]

Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
Google Chrome winmm.dll..
````````Process Check: objlist.exe by Laurent````````
HP_Administrator Desktop Computer Programs and Antivirus SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````