TechSpot

I'm having issues with a Rootkit

Solved
By the_third_curry
Sep 4, 2013
  1. I have the free version of Avast! installed on my computer and it keeps detecting a rootkit for the file "FlashPlayerUpdateService.exe". The rootkit name is "Win32:Agent-ARRQ [Trj]." Around the same time that Avast! started reporting this rootkit, my computer began to randomly reboot occasionally.

    Also, I'm running Windows XP.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    Here is the DDS log:

    undefinedDDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by HP_Administrator at 22:30:10 on 2013-09-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1049 [GMT -4:00]
    .
    AV: Malware Defense *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *Disabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ExpressFiles\ExpressFiles.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mystart.incredibar.com/mb178?a=6PQHDBKRGx&I=26
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=c045d1910000000000000018f335bc0e&tlver=1.4.19.19&ss=1&affID=17396
    uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - c:\program files\appbario8\prxtbapp2.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - c:\program files\appbario8\prxtbapp2.dll
    BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
    BHO: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - c:\program files\specialsavings\SpecialSavingsSinged.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - c:\documents and settings\hp_administrator\application data\compitlyengine\ComplitlyEngine.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Updater For Complete Bar: {fe618700-e0ee-441e-8b1d-18ce226bb193} - c:\program files\completebartb\auxi\completebarAu.dll
    TB: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - c:\program files\appbario8\prxtbapp2.dll
    TB: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
    TB: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - c:\program files\appbario8\prxtbapp2.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [PlayNC Launcher] <no file>
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PCDrProfiler] <no file>
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\babyli~1.lnk - c:\program files\vivamedia\babylion\BabyLion.exe
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\imvu.lnk - c:\documents and settings\hp_administrator\application data\imvuclient\IMVUQualityAgent.exe
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\hp_administrator\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dfx.lnk - c:\program files\dfx\DFX.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    IE: &Search - <no file>
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\specialsavings\SpecialSavingsSinged.dll
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    TCP: Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C} : DHCPNameServer = 209.18.47.61 209.18.47.62
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1t2189lh.default-1374782686536\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - plugin: c:\documents and settings\hp_administrator\application data\electronic arts\game face\npGameFacePlugin.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101772.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: 2013-07-23 20:00; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program files\web assistant\Firefox
    FF - ExtSQL: 2013-07-25 16:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1t2189lh.default-1374782686536\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-29 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-29 177864]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-24 770344]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 369584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-29 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 46808]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2012-5-30 33792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    FileExt: .bat: batfile="c:\program files\vdmsound\\VDMSRun.pif" %1 [default=runwithvdms - 'Open' doesn't exist]
    FileExt: .com: comfile="c:\program files\vdmsound\\VDMSRun.pif" %1 [default=runwithvdms - 'Open' doesn't exist]
    FileExt: .exe: exefile="c:\program files\vdmsound\\VDMSRun.pif" %1 [default=runwithvdms - 'Open' doesn't exist]
    ShellExec: switch.exe: Convert with Switch Sound File Converter="c:\program files\nch software\switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2013-09-04 01:27:23 6583664 ----a-w- c:\program files\Alwil
    2013-09-03 01:18:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-03 01:18:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-29 09:57:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-08-29 09:57:59 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-08-29 09:57:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-08-28 20:14:48 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
    .
    ==================== Find3M ====================
    .
    2013-09-05 01:41:09 90112 ----a-w- c:\windows\DUMP6bf8.tmp
    2013-09-02 23:14:31 90112 ----a-w- c:\windows\DUMPa2d7.tmp
    2013-09-02 15:12:54 90112 ----a-w- c:\windows\DUMP6c85.tmp
    2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
    2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
    2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-24 03:42:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-07-24 03:41:57 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-07-24 03:41:56 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-07-24 03:41:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 03:03:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
    .
    ============= FINISH: 22:31:05.84 ===============
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  5. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.03.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: CURRY [administrator]

    9/4/2013 10:37:49 PM
    mbam-log-2013-09-04 (22-37-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 259118
    Time elapsed: 10 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please read my previous reply.
     
  7. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/5/2010 6:06:45 PM
    System Uptime: 9/4/2013 10:15:15 PM (0 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 1803/199mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 457 GiB total, 16.441 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.938 GiB free.
    E: is CDROM ()
    F: is Removable
    H: is Removable
    I: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1263: 6/7/2013 3:56:02 AM - System Checkpoint
    RP1264: 6/8/2013 4:02:08 AM - System Checkpoint
    RP1265: 6/9/2013 4:55:20 AM - System Checkpoint
    RP1266: 6/10/2013 5:53:41 AM - System Checkpoint
    RP1267: 6/11/2013 5:55:26 AM - System Checkpoint
    RP1268: 6/12/2013 3:00:36 AM - Software Distribution Service 3.0
    RP1269: 6/13/2013 4:06:44 AM - System Checkpoint
    RP1270: 6/14/2013 4:08:09 AM - System Checkpoint
    RP1271: 6/15/2013 4:34:37 AM - System Checkpoint
    RP1272: 6/16/2013 5:34:41 AM - System Checkpoint
    RP1273: 6/17/2013 5:45:42 AM - System Checkpoint
    RP1274: 6/18/2013 6:41:32 AM - System Checkpoint
    RP1275: 6/19/2013 6:46:02 AM - System Checkpoint
    RP1276: 6/20/2013 7:46:05 AM - System Checkpoint
    RP1277: 6/21/2013 8:46:07 AM - System Checkpoint
    RP1278: 6/22/2013 9:43:50 AM - System Checkpoint
    RP1279: 6/23/2013 9:46:10 AM - System Checkpoint
    RP1280: 6/24/2013 9:49:26 AM - System Checkpoint
    RP1281: 6/25/2013 9:50:40 AM - System Checkpoint
    RP1282: 6/26/2013 9:50:58 AM - System Checkpoint
    RP1283: 6/27/2013 9:56:26 AM - System Checkpoint
    RP1284: 6/28/2013 9:59:13 AM - System Checkpoint
    RP1285: 6/29/2013 10:56:31 AM - System Checkpoint
    RP1286: 6/30/2013 11:56:31 AM - System Checkpoint
    RP1287: 7/1/2013 3:49:23 PM - System Checkpoint
    RP1288: 7/2/2013 10:23:18 PM - System Checkpoint
    RP1289: 7/4/2013 2:03:41 AM - System Checkpoint
    RP1290: 7/5/2013 3:28:37 AM - System Checkpoint
    RP1291: 7/6/2013 4:01:08 AM - System Checkpoint
    RP1292: 7/7/2013 4:19:24 AM - System Checkpoint
    RP1293: 7/8/2013 5:18:44 AM - System Checkpoint
    RP1294: 7/9/2013 6:18:45 AM - System Checkpoint
    RP1295: 7/9/2013 3:13:59 PM - Installed The Sims 3
    RP1296: 7/10/2013 4:34:53 PM - System Checkpoint
    RP1297: 7/11/2013 3:00:24 AM - Software Distribution Service 3.0
    RP1298: 7/12/2013 4:04:54 AM - System Checkpoint
    RP1299: 7/13/2013 4:20:08 AM - System Checkpoint
    RP1300: 7/13/2013 5:15:19 PM - Installed TheSims3EP9
    RP1301: 7/14/2013 3:00:23 AM - Software Distribution Service 3.0
    RP1302: 7/15/2013 3:12:35 AM - System Checkpoint
    RP1303: 7/16/2013 3:37:05 AM - System Checkpoint
    RP1304: 7/17/2013 4:37:07 AM - System Checkpoint
    RP1305: 7/18/2013 5:02:47 AM - System Checkpoint
    RP1306: 7/19/2013 5:07:19 AM - System Checkpoint
    RP1307: 7/20/2013 6:07:23 AM - System Checkpoint
    RP1308: 7/21/2013 7:07:25 AM - System Checkpoint
    RP1309: 7/22/2013 8:07:27 AM - System Checkpoint
    RP1310: 7/23/2013 8:56:44 AM - System Checkpoint
    RP1311: 7/23/2013 11:41:11 PM - Removed Java 7 Update 15
    RP1312: 7/25/2013 12:04:55 AM - System Checkpoint
    RP1313: 7/26/2013 4:17:11 AM - System Checkpoint
    RP1314: 7/27/2013 4:56:52 AM - System Checkpoint
    RP1315: 7/28/2013 5:44:46 AM - System Checkpoint
    RP1316: 7/29/2013 5:49:14 AM - System Checkpoint
    RP1317: 7/30/2013 6:49:16 AM - System Checkpoint
    RP1318: 7/31/2013 12:05:09 PM - System Checkpoint
    RP1319: 8/1/2013 12:23:50 PM - System Checkpoint
    RP1320: 8/2/2013 12:46:27 PM - System Checkpoint
    RP1321: 8/3/2013 1:08:31 PM - System Checkpoint
    RP1322: 8/4/2013 1:28:43 PM - System Checkpoint
    RP1323: 8/5/2013 4:04:49 PM - System Checkpoint
    RP1324: 8/6/2013 10:00:02 PM - System Checkpoint
    RP1325: 8/8/2013 12:51:15 AM - System Checkpoint
    RP1326: 8/9/2013 2:42:49 AM - System Checkpoint
    RP1327: 8/10/2013 3:20:28 AM - System Checkpoint
    RP1328: 8/11/2013 3:52:50 AM - System Checkpoint
    RP1329: 8/12/2013 4:10:37 AM - System Checkpoint
    RP1330: 8/13/2013 4:18:52 AM - System Checkpoint
    RP1331: 8/14/2013 4:56:12 AM - System Checkpoint
    RP1332: 8/15/2013 3:00:41 AM - Software Distribution Service 3.0
    RP1333: 8/16/2013 3:37:07 AM - System Checkpoint
    RP1334: 8/17/2013 3:41:07 AM - System Checkpoint
    RP1335: 8/18/2013 4:18:57 AM - System Checkpoint
    RP1336: 8/19/2013 4:45:02 AM - System Checkpoint
    RP1337: 8/20/2013 4:47:34 AM - System Checkpoint
    RP1338: 8/21/2013 5:37:13 AM - System Checkpoint
    RP1339: 8/22/2013 6:49:35 AM - System Checkpoint
    RP1340: 8/23/2013 7:14:16 AM - System Checkpoint
    RP1341: 8/24/2013 7:30:01 AM - System Checkpoint
    RP1342: 8/25/2013 8:00:45 AM - System Checkpoint
    RP1343: 8/26/2013 10:06:26 AM - System Checkpoint
    RP1344: 8/27/2013 11:29:26 AM - System Checkpoint
    RP1345: 8/28/2013 11:53:42 AM - System Checkpoint
    RP1346: 8/28/2013 3:40:16 PM - Software Distribution Service 3.0
    RP1347: 8/29/2013 4:34:03 PM - System Checkpoint
    RP1348: 8/30/2013 4:43:23 PM - System Checkpoint
    RP1349: 8/31/2013 5:12:43 PM - System Checkpoint
    RP1350: 12/31/2005 11:40:03 PM - System Checkpoint
    RP1351: 9/1/2013 8:15:04 PM - System Checkpoint
    RP1352: 9/2/2013 10:31:34 PM - System Checkpoint
    RP1353: 9/3/2013 11:26:20 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Leawo MP4 Converter version 4.1.0.1
    001 Game Creator 1.010.009
    32 Bit HP CIO Components Installer
    Adobe Acrobat Reader 3.01
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    Adobe Shockwave Player 11.5
    AIO_Scan
    Amazon MP3 Downloader 1.0.17
    Amazon MP3 Uploader
    appbario8 Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 2.0
    AutoUpdate
    avast! Free Antivirus
    AviSynth 2.5
    Bandisoft MPEG-1 Decoder
    Bonjour
    BufferChm
    CCleaner
    CDBurnerXP
    Civil War Generals II
    CloneCD
    CompitlyEngine
    Complete Bar
    Copy
    CopyTrans Suite Remove Only
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    CustomerResearchQFolder
    D-Fend Reloaded 0.6.1 (deinstall)
    Data Fax SoftModem with SmartCP
    Destination Component
    DeviceDiscovery
    DFX
    DivX
    DivxToDVD 0.5.2b
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    Dragonsphere
    EA SPORTS Game Face Browser Plugin 1.8.0.0
    Enhanced Multimedia Keyboard Solution
    ExpressFiles
    F4100
    F4100_doccd
    F4100_Help
    Facebook Plug-In
    ffdshow [rev 2527] [2008-12-19]
    Free Mp3 Wma Converter V 2.2
    FullDPAppQFolder
    Google Chrome
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP DigitalMedia Archive
    HP DVD Play 2.1
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Smart Web Printing
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    HxD Hex Editor version 1.7.7.0
    IB Updater Service
    ImTOO iPhone Transfer Plus
    Incredibar Toolbar on IE
    InstantShareDevices
    iTunes
    Java 7 Update 25
    Java Auto Updater
    K-Lite Codec Pack 7.6.0 (Basic)
    LAME v3.99.3 (for Windows)
    LibreOffice 3.5
    LibreOffice 3.5 Help Pack (English)
    LibUSB-Win32-0.1.10.1
    LightScribe System Software 1.14.19.1
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    MediaProSoft Free HD Video Converter 5.2.3
    Medieval Total War
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.0 Security Update (KB2742607)
    Microsoft .NET Framework 1.0 Security Update (KB2833951)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX SDK (June 2010)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    MixPad Audio Mixer
    MobileMe Control Panel
    MotioninJoy ds3 driver version 0.6.0005
    Mozilla Firefox 23.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MusicBee
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    NCsoft Launcher
    Nero 7 Essentials
    neroxml
    NetZero For Cosmi
    NVIDIA Drivers
    OpenAL
    OpenXcom 0.9
    OptionalContentQFolder
    Origin
    Paint.NET v3.5.10
    Pando Media Booster
    PC-Doctor 5 for Windows
    PhotoFiltre
    PhotoGallery
    Portal
    Project64 1.6
    PSSWCORE
    Python 2.2.3
    QuickTime
    RandMap
    RCA Detective™ 2.0.0.99
    RCA easyRip 2.2.1.0
    Realtek High Definition Audio Driver
    Recettear: An Item Shop's Tale - Demo
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SketchUp 8
    SkinsHP1
    SlideShow
    SlideShowMusic
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    SpecialSavings
    Status
    Steam
    SUPERAntiSpyware
    Switch Sound File Converter
    System Requirements Lab
    The Sims 2 Pets
    The Sims 2 University
    The Sims Medieval
    The Sims Medieval Pirates and Nobles
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Double Deluxe
    The Sims™ 2 Seasons
    The Sims™ 3
    The Sims™ 3 Master Suite Stuff
    The Sims™ 3 Showtime
    The Sims™ 3 Supernatural
    The Sims™ 3 Town Life Stuff
    The Sims™ 3 University Life
    Toolbox
    TrayApp
    UFO:AI 2.3.1
    UFO2000 Beta
    Ultima 4 - Quest of the Avatar
    Unity Web Player
    Unload
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VDMSound 2.0.4
    Videora iPhone 4 Converter 6
    Videora iPod touch Converter 6
    VideoToolkit01
    Vivitar Experience Image Manager
    WavePad Sound Editor
    Web Assistant 2.0.0.603
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Winter Voices - Demo
    X-COM: Apocalypse
    X-COM: Terror from the Deep
    X-COM: UFO Defense
    YouTube Downloader App 3.00
    Zip Motion Block Video codec (Remove Only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/29/2013 5:57:30 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    8/29/2013 5:55:02 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  9. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : HP_Administrator [Admin rights]
    Mode : Remove -- Date : 09/04/2013 23:11:22
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [-] -> KILLED [TermProc]
    [SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\arpwrmsg.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([Address] sfsync02.sys @ 0xBA0E98B4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    173.192.170.88 drghwaweg45j4i6u3q32fg2h.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500418AS +++++
    --- User ---
    [MBR] 54af42b1eaf13fdff2f97ce536483fde
    [BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467869 Mo
    1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 958196925 | Size: 9067 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_09042013_231122.txt >>
    RKreport[0]_S_09042013_231050.txt
     
  10. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    RogueKiller V8.6.9 [Sep 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : HP_Administrator [Admin rights]
    Mode : Scan -- Date : 09/04/2013 23:10:50
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [-] -> KILLED [TermProc]
    [SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\arpwrmsg.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([Address] sfsync02.sys @ 0xBA0E98B4)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    173.192.170.88 drghwaweg45j4i6u3q32fg2h.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500418AS +++++
    --- User ---
    [MBR] 54af42b1eaf13fdff2f97ce536483fde
    [BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467869 Mo
    1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 958196925 | Size: 9067 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_09042013_231050.txt >>
     
  11. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1005

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.004000 GHz
    Memory total: 2078781440, free: 747851776

    Downloaded database version: v2013.09.04.08
    Downloaded database version: v2013.08.06.01
    Initializing...
    =======================================
    ------------ Kernel report ------------
    09/04/2013 23:16:22
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    viaide.sys
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    sfsync02.sys
    VolSnap.sys
    iaStor.sys
    atapi.sys
    ftsata2.sys
    \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    bb-run.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    sfhlp02.sys
    sfdrv01.sys
    Mup.sys
    aswVmm.sys
    aswRvrt.sys
    \SystemRoot\system32\DRIVERS\AmdK8.sys
    \SystemRoot\system32\DRIVERS\aracpi.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\ElbyCDFL.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    \SystemRoot\system32\DRIVERS\HSX_DP.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\nvnetbus.sys
    \SystemRoot\system32\DRIVERS\NVNRM.SYS
    \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\PS2.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\arkbcfltr.sys
    \SystemRoot\system32\DRIVERS\arpolicy.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\libusb0.sys
    \SystemRoot\system32\DRIVERS\NVENETFD.sys
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\aswRdr.SYS
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\arhidfltr.sys
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\armoucfltr.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR6
    Upper Device Object: 0xffffffff89282030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000088\
    Lower Device Object: 0xffffffff8a72a2b8
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR5
    Upper Device Object: 0xffffffff898deab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000087\
    Lower Device Object: 0xffffffff8a3d7ea0
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff898de030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000086\
    Lower Device Object: 0xffffffff8a3e8ea0
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8929fab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000085\
    Lower Device Object: 0xffffffff8a3e5550
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8a785ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
    Lower Device Object: 0xffffffff8a6fd940
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a785ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a6dea10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a785ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a6e0490, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8a6fd940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CAB10BEE

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 958196862
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 958196925 Numsec = 18571140

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff8929fab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89ca3750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8929fab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a3e5550, DeviceName: \Device\00000085\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff898de030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89c6b750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff898de030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a3e8ea0, DeviceName: \Device\00000086\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xffffffff898deab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89caa750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff898deab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a3d7ea0, DeviceName: \Device\00000087\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xffffffff89282030, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89c38750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff89282030, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a72a2b8, DeviceName: \Device\00000088\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Scan finished
     
     
  12. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Rootkit BETA 1.07.0.1005
    www.malwarebytes.org

    Database version: v2013.09.04.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: CURRY [administrator]

    9/4/2013 11:16:34 PM
    mbar-log-2013-09-04 (23-16-34).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 270040
    Time elapsed: 37 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    ComboFix 13-09-04.04 - HP_Administrator 09/05/2013 20:38:35.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1239 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\Computer Programs and Antivirus\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Administrator\Application Data\CompitlyEngine\CoMPlitlyengine.dll
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\Savings Sidekick
    c:\documents and settings\HP_Administrator\Recent\ADP iPayStatements Login(2).url
    c:\documents and settings\HP_Administrator\Recent\ADP iPayStatements Login(3).url
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\hp\bin\cloaker.exe
    C:\install.exe
    c:\program files\Incredibar.com
    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
    c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\SET1D.tmp
    c:\windows\system32\SET1E.tmp
    c:\windows\system32\SETBC.tmp
    c:\windows\system32\SETC1.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MOUSEDRIVER
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-06 to 2013-09-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-05 03:16 . 2013-09-05 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-09-05 03:00 . 2013-09-05 03:00 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-09-04 01:27 . 2013-09-04 00:10 6583664 ----a-w- c:\program files\Alwil
    2013-09-03 01:18 . 2013-09-03 01:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-03 01:18 . 2013-09-03 01:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-29 09:57 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-08-29 09:57 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-08-29 09:57 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-08-28 20:14 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-05 01:41 . 2010-01-06 00:57 90112 ----a-w- c:\windows\DUMP6bf8.tmp
    2013-09-02 23:14 . 2010-01-06 00:57 90112 ----a-w- c:\windows\DUMPa2d7.tmp
    2013-09-02 15:12 . 2010-01-06 00:57 90112 ----a-w- c:\windows\DUMP6c85.tmp
    2013-08-30 07:48 . 2010-07-12 00:20 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-08-30 07:48 . 2010-07-12 00:20 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-08-30 07:48 . 2011-02-24 14:16 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-08-30 07:48 . 2010-07-12 00:20 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-08-30 07:48 . 2010-07-12 00:20 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-08-30 07:47 . 2010-07-12 00:19 41664 ----a-w- c:\windows\avastSS.scr
    2013-08-30 07:47 . 2010-07-12 00:19 229648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-08-03 18:18 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
    2013-07-26 02:47 . 2004-08-10 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-24 03:42 . 2013-07-24 03:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-07-24 03:41 . 2013-07-24 03:42 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-07-24 03:41 . 2012-08-23 18:12 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-07-24 03:41 . 2010-08-26 16:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-07-10 10:37 . 2004-08-10 04:00 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 03:03 . 2004-08-10 11:00 2149888 ------w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08 . 2004-08-10 11:00 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files\appbario8\prxtbapp2.dll" [2013-04-14 231712]
    .
    [HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
    2013-04-14 12:35 231712 ----a-w- c:\program files\appbario8\prxtbapp2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
    2013-06-30 20:36 170840 ----a-w- c:\program files\Web Assistant\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
    2011-03-23 17:33 86696 ----a-w- c:\program files\completebartb\completebarDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
    2011-03-23 17:33 262312 ----a-w- c:\program files\completebartb\auxi\completebarAu.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files\appbario8\prxtbapp2.dll" [2013-04-14 231712]
    .
    [HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{0CC09160-108C-4759-BAB1-5C12C216E005}"= "c:\program files\appbario8\prxtbapp2.dll" [2013-04-14 231712]
    .
    [HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-08-30 07:47 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-30 4760816]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-05-04 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "Easy Dock"="c:\documents and settings\HP_Administrator\My Documents\RCA easyRip\EZDock.exe" [2009-05-08 573440]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
    "ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-03-26 455800]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    RCA Detective.lnk - c:\documents and settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe [2011-3-4 942592]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    DFX.lnk - c:\program files\DFX\DFX.exe -startup [2012-4-13 1060776]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\recettear - demo\\recettear.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\recettear - demo\\custom.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\winter voices - demo\\WinterVoices Demo.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57856:TCP"= 57856:TCP:pando Media Booster
    "57856:UDP"= 57856:UDP:pando Media Booster
    "58493:TCP"= 58493:TCP:pando Media Booster
    "58493:UDP"= 58493:UDP:pando Media Booster
    "57359:TCP"= 57359:TCP:pando Media Booster
    "57359:UDP"= 57359:UDP:pando Media Booster
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [8/29/2013 5:57 AM 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [8/29/2013 5:57 AM 177864]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/24/2011 10:16 AM 770344]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/11/2010 8:20 PM 369584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/11/2010 8:20 PM 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/29/2013 5:57 AM 66336]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/30/2012 8:12 PM 33792]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-07-30 15:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-04 00:25 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-06 c:\windows\Tasks\AdobeFlashPlayerUpdate 2.job
    - c:\windows\system32\FlashPlayerUpdateService.exe [2013-08-28 13:05]
    .
    2013-09-06 c:\windows\Tasks\AdobeFlashPlayerUpdate.job
    - c:\windows\system32\FlashPlayerUpdateService.exe [2013-08-28 13:05]
    .
    2013-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2013-09-06 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-05 07:47]
    .
    2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 00:50]
    .
    2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 00:50]
    .
    2012-10-19 c:\windows\Tasks\mixpadShakeIcon.job
    - c:\program files\NCH Software\MixPad\mixpad.exe [2012-02-13 20:16]
    .
    2013-08-14 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Software\Switch\switch.exe [2012-02-13 20:15]
    .
    2013-01-29 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-13 20:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mystart.incredibar.com/mb178?a=6PQHDBKRGx&I=26
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\SpecialSavings\SpecialSavingsSinged.dll
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - ExtSQL: 2013-07-23 20:00; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program files\Web Assistant\Firefox
    FF - ExtSQL: 2013-07-25 16:08; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-PlayNC Launcher - (no file)
    HKLM-Run-PCDrProfiler - (no file)
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\BabyLion762134159.lnk - c:\program files\VivaMedia\BabyLion\BabyLion.exe
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk - c:\documents and settings\HP_Administrator\Application Data\IMVUClient\IMVUQualityAgent.exe "--startup"
    c:\documents and settings\Default User\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat
    c:\documents and settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk - c:\hp\bin\cloaker.exe c:\hp\bin\PinMcLnkToStart.bat
    AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    AddRemove-PhotoFiltre - c:\documents and settings\HP_Administrator\Desktop\PhotoFiltre\Uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-09-05 20:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\_avast_\unp228968626.tmp 229912 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-457584821-1354706999-2925213881-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(268)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\arservice.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\ARPWRMSG.EXE
    c:\windows\RTHDCPL.EXE
    c:\windows\eHome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2013-09-05 20:56:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-09-06 00:55
    .
    Pre-Run: 17,822,044,160 bytes free
    Post-Run: 23,257,726,976 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 3521A5674EA3B0075EA2F291B8D0425E
    8F558EB6672622401DA993E1E865C861
     
  15. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Looks good.

    Is Avast still complaining?

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    Yes, Avast is still complaining. Could it be some sort of false positive?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Let's wait until we're totally done.
     
  18. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    # AdwCleaner v3.002 - Report created 06/09/2013 at 11:37:31
    # Updated 01/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : HP_Administrator - CURRY
    # Running from : C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\pc performer manager
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Program Files\completebartb
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\ExpressFiles
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files\FreeRIP3
    Folder Deleted : C:\Program Files\SpecialSavings
    Folder Deleted : C:\Program Files\Web Assistant
    Folder Deleted : C:\Program Files\appbario8
    Folder Deleted : C:\WINDOWS\system32\ARFC
    Folder Deleted : C:\WINDOWS\system32\jmdp
    Folder Deleted : C:\WINDOWS\system32\WNLT
    Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\appbario8
    Folder Deleted : C:\Documents and Settings\HP_Administrator\IECompatCache
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\appbario8
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\BabylonToolbar
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\completebartb
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\ExpressFiles
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Start Menu\Programs\SpecialSavings
    [!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
    [!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
    File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\bprotector_extensions.sqlite
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\completebartb.xml
    File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Deleted : HKCU\Software\86dadce03de540
    Key Deleted : HKLM\SOFTWARE\86dadce03de540
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64C54209-175C-454D-9291-AC46D4D952CF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE618700-E0EE-441E-8B1D-18CE226BB193}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64C54209-175C-454D-9291-AC46D4D952CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE618700-E0EE-441E-8B1D-18CE226BB193}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64C54209-175C-454D-9291-AC46D4D952CF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE618700-E0EE-441E-8B1D-18CE226BB193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64C54209-175C-454D-9291-AC46D4D952CF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE618700-E0EE-441E-8B1D-18CE226BB193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D19AB942-E6B9-4B63-A62A-D196D979824F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{012CB5AB-7360-44DA-8D95-BC6C4BA7838E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A548EDE-BC8E-4F69-93BD-228E1A8A2BFD}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]
    Key Deleted : HKCU\Software\completebartb
    Key Deleted : HKCU\Software\Complitly
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\ExpressFiles
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\appbario8
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\ExpressFiles
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\incredibar.com
    Key Deleted : HKLM\Software\Web Assistant
    Key Deleted : HKLM\Software\WNLT
    Key Deleted : HKLM\Software\appbario8
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\completebartb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\completebartb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpecialSavings
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\appbario8 Toolbar
    Product Deleted : Google Update Helper

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\prefs.js ]


    [ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qx7h9un4.default\prefs.js ]


    -\\ Google Chrome v29.0.1547.66

    [ File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [17304 octets] - [06/09/2013 11:34:47]
    AdwCleaner[S0].txt - [17617 octets] - [06/09/2013 11:37:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17678 octets] ##########
     
  19. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.5.8 (09.05.2013:1)
    OS: Microsoft Windows XP x86
    Ran by HP_Administrator on Fri 09/06/2013 at 11:51:41.78
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-457584821-1354706999-2925213881-1007\Software\SweetIM
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{51FD6F31-C0A7-440B-FB7E-82A5FFE11EEA}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CCA2E75-7B36-444D-9BA2-1DC4F27916AA}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Application Data\red kawa"
    Successfully deleted: [Folder] "C:\Program Files\red kawa"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 09/06/2013 at 11:56:50.20
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    OTL logfile created on: 9/6/2013 2:57:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.07% Memory free
    3.72 Gb Paging File | 3.20 Gb Available in Paging File | 85.87% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 456.90 Gb Total Space | 25.99 Gb Free Space | 5.69% Space Free | Partition Type: NTFS
    Drive D: | 8.84 Gb Total Space | 0.94 Gb Free Space | 10.61% Space Free | Partition Type: FAT32

    Computer Name: CURRY | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/05 22:07:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus\OTL.exe
    PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/07/30 10:21:39 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/07/23 23:41:59 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/09/19 10:52:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2009/01/09 12:40:26 | 000,942,592 | ---- | M] (Audiovox Electronics Corp.) -- C:\Documents and Settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/04/13 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
    PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/09/06 11:18:50 | 002,098,176 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13090601\algo.dll
    MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/08/03 02:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll


    ========== Services (SafeList) ==========

    SRV - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/08/17 03:12:52 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/07/23 23:41:59 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/09/19 10:52:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2010/06/15 02:42:04 | 003,608,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
    SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/08/30 03:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/08/30 03:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2013/08/30 03:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/08/10 10:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
    DRV - [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
    DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
    DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\Facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\HP_Administrator\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/03 20:12:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/20 17:10:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/18 17:24:07 | 000,000,000 | ---D | M]

    [2010/04/18 15:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/04/18 15:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2013/08/23 22:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\extensions
    [2013/07/25 16:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\q1tatk42.default-1365552406388\extensions
    [2013/07/25 16:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\q1tatk42.default-1365552406388\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2013/08/23 22:20:27 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1t2189lh.default-1374782686536\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/05/22 21:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
    [2013/05/20 17:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/17 03:12:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
    CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\plugins\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Wallet Service = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

    O1 HOSTS File: ([2013/09/05 20:48:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\HP_Administrator\My Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)
    O4 - HKLM..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray File not found
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DFX.lnk = C:\Program Files\DFX\DFX.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\HP_Administrator\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D704B6FF-34D0-4B5A-82AF-AC302804200C}: NameServer = 8.8.8.8,8.8.4.4
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/31 19:30:27 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\Autoexec.bat -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/06 11:51:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/09/06 11:51:17 | 001,028,823 | ---- | C] (Thisisu) -- C:\Documents and Settings\HP_Administrator\Desktop\JRT_NEW.exe
    [2013/09/06 11:34:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/05 20:33:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/09/05 20:31:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/09/05 20:31:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/09/05 20:31:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/09/05 20:31:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/09/05 20:30:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/09/05 20:30:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/09/04 23:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2013/09/04 23:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\mbar
    [2013/09/04 23:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
    [2013/09/04 22:29:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
    [2013/09/03 21:27:23 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Files\Alwil
    [2013/08/29 05:57:58 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/08/22 05:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Jacob#803-468-6498
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/06 15:00:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate.job
    [2013/09/06 14:25:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/06 13:37:21 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Word 2007.lnk
    [2013/09/06 13:14:23 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/09/06 13:05:58 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/09/06 13:05:50 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate 2.job
    [2013/09/06 13:05:25 | 000,043,569 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/09/06 13:05:20 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/06 13:05:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/06 13:05:15 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/06 12:42:33 | 005,587,904 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Long Arm of Love.mp3
    [2013/09/05 23:32:44 | 001,028,823 | ---- | M] (Thisisu) -- C:\Documents and Settings\HP_Administrator\Desktop\JRT_NEW.exe
    [2013/09/05 20:52:49 | 000,523,280 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/09/05 20:52:49 | 000,096,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/09/05 20:48:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/09/05 20:33:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2013/09/04 22:32:25 | 000,006,765 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
    [2013/09/04 22:29:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.com
    [2013/09/03 20:12:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/09/03 20:10:41 | 006,583,664 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil
    [2013/09/02 19:27:47 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/09/01 19:28:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/08/30 13:12:06 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Email.lnk
    [2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/08/30 03:48:13 | 000,177,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/08/30 03:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/08/30 03:48:12 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/08/30 03:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/08/30 03:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/08/29 05:58:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/29 05:58:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/29 05:58:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/27 15:19:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/08/16 09:50:59 | 001,762,774 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bartagame_fcm.jpg
    [2013/08/15 14:33:19 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\default.pls
    [2013/08/15 03:17:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/08/14 17:16:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/06 12:42:32 | 005,587,904 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Long Arm of Love.mp3
    [2013/09/05 20:31:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/09/05 20:31:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/09/05 20:31:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/09/05 20:31:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/09/05 20:31:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/09/04 22:32:25 | 000,006,765 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
    [2013/08/29 05:58:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
    [2013/08/29 05:58:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
    [2013/08/29 05:58:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
    [2013/08/29 05:57:59 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/29 05:57:59 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/08/28 14:01:27 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate 2.job
    [2013/08/28 14:01:26 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\AdobeFlashPlayerUpdate.job
    [2013/08/16 09:50:57 | 001,762,774 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bartagame_fcm.jpg
    [2013/08/14 17:16:52 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
    [2012/05/30 20:12:59 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2012/02/27 16:26:51 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2012/02/14 19:29:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/07 16:37:55 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
    [2011/11/03 12:48:44 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2011/06/13 09:31:55 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
    [2010/08/07 11:29:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.NANotifyHere
    [2010/01/13 11:09:00 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\default.pls
    [2010/01/05 22:06:39 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/05 19:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2005/08/30 23:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/08/05 22:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2013/05/21 15:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2010/07/11 20:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/09/11 13:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvisoft
    [2011/06/08 17:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2012/05/03 10:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
    [2006/07/31 19:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2010/02/05 12:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2012/05/21 14:50:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
    [2011/12/15 19:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2011/12/08 07:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2011/04/12 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO
    [2011/09/18 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/01/06 10:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/08/02 16:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2013/05/19 17:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
    [2013/05/04 17:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2012/08/23 14:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/01/05 20:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2011/07/31 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tipard Studio
    [2012/02/10 22:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
    [2013/04/10 22:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2011/07/26 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2011/07/31 18:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
    [2010/12/10 23:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ========== Purity Check ==========



    < End of report >
     
  21. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    OTL Extras logfile created on: 9/6/2013 2:57:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Computer Programs and Antivirus
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.07% Memory free
    3.72 Gb Paging File | 3.20 Gb Available in Paging File | 85.87% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 456.90 Gb Total Space | 25.99 Gb Free Space | 5.69% Space Free | Partition Type: NTFS
    Drive D: | 8.84 Gb Total Space | 0.94 Gb Free Space | 10.61% Space Free | Partition Type: FAT32

    Computer Name: CURRY | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "57856:TCP" = 57856:TCP:*:Enabled:pando Media Booster
    "57856:UDP" = 57856:UDP:*:Enabled:pando Media Booster
    "58493:TCP" = 58493:TCP:*:Enabled:pando Media Booster
    "58493:UDP" = 58493:UDP:*:Enabled:pando Media Booster
    "57359:TCP" = 57359:TCP:*:Enabled:pando Media Booster
    "57359:UDP" = 57359:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "57856:TCP" = 57856:TCP:*:Enabled:pando Media Booster
    "57856:UDP" = 57856:UDP:*:Enabled:pando Media Booster
    "58493:TCP" = 58493:TCP:*:Enabled:pando Media Booster
    "58493:UDP" = 58493:UDP:*:Enabled:pando Media Booster
    "57359:TCP" = 57359:TCP:*:Enabled:pando Media Booster
    "57359:UDP" = 57359:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe" = C:\Program Files\Steam\steamapps\common\x-com terror from the deep\runme.exe:*:Enabled:X-COM: Terror from the Deep -- ()
    "C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe" = C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe:*:Enabled:X-COM: Apocalypse -- (DOSBox Team)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- (Easygamestation)
    "C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear - demo\custom.exe:*:Enabled:Recettear: An Item Shop's Tale - Demo -- ()
    "C:\Program Files\Steam\steamapps\common\winter voices - demo\WinterVoices Demo.exe" = C:\Program Files\Steam\steamapps\common\winter voices - demo\WinterVoices Demo.exe:*:Enabled:Winter Voices - Demo -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
    "{0E8E4718-0702-4D33-B007-5E95849BAB3C}" = LibreOffice 3.5
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo MP4 Converter version 4.1.0.1
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0005
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
    "{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
    "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90B4BD24-B33F-429B-AE16-06E325195D46}" = LibreOffice 3.5 Help Pack (English)
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{95B8C1B9-FAB2-4F2B-976A-D0CE7290B5A1}" = MusicBee
    "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
    "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
    "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
    "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E11BD6A7-5046-4D25-ABCB-386A54F71033}" = Nero 7 Essentials
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
    "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
    "{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Audacity_is1" = Audacity 2.0
    "avast" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "AwayMode160" = Microsoft Away Mode
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "CCleaner" = CCleaner
    "Civil War Generals II" = Civil War Generals II
    "CloneCD" = CloneCD
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "CompitlyEngine_is1" = CompitlyEngine
    "D-Fend Reloaded" = D-Fend Reloaded 0.6.1 (deinstall)
    "DFX" = DFX
    "Dragonsphere_is1" = Dragonsphere
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
    "Google Chrome" = Google Chrome
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
    "ie8" = Windows Internet Explorer 8
    "ImTOO iPhone Transfer Plus" = ImTOO iPhone Transfer Plus
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic)
    "LAME_is1" = LAME v3.99.3 (for Windows)
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Map001" = 001 Game Creator 1.010.009
    "MediaProSoft Free HD Video Converter_is1" = MediaProSoft Free HD Video Converter 5.2.3
    "Medieval Total War" = Medieval Total War
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
    "MixPad" = MixPad Audio Mixer
    "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "OpenXcom" = OpenXcom 0.9
    "Origin" = Origin
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "Python 2.2.3" = Python 2.2.3
    "RCA Detective™_is1" = RCA Detective™ 2.0.0.99
    "RCA easyRip_is1" = RCA easyRip 2.2.1.0
    "Steam App 400" = Portal
    "Steam App 70410" = Recettear: An Item Shop's Tale - Demo
    "Steam App 72910" = Winter Voices - Demo
    "Steam App 7650" = X-COM: Terror from the Deep
    "Steam App 7660" = X-COM: Apocalypse
    "Steam App 7760" = X-COM: UFO Defense
    "Switch" = Switch Sound File Converter
    "SystemRequirementsLab" = System Requirements Lab
    "UFO:Alien Invasion" = UFO:AI 2.3.1
    "UFO2000 Beta" = UFO2000 Beta
    "Ultima 4 - Quest of the Avatar_is1" = Ultima 4 - Quest of the Avatar
    "Videora iPhone 4 Converter" = Videora iPhone 4 Converter 6
    "Videora iPod touch Converter" = Videora iPod touch Converter 6
    "Vivitar Experience Image Manager" = Vivitar Experience Image Manager
    "VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
    "WavePad" = WavePad Sound Editor
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YouTube Downloader App" = YouTube Downloader App 3.00
    "ZMBV" = Zip Motion Block Video codec (Remove Only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.8.0.0
    "Facebook Plug-In" = Facebook Plug-In
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/29/2013 9:58:34 AM | Computer Name = CURRY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/29/2013 11:00:33 AM | Computer Name = CURRY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/29/2013 8:19:06 PM | Computer Name = CURRY | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/30/2013 4:00:43 PM | Computer Name = CURRY | Source = Application Error | ID = 1000
    Description = Faulting application softwareupdate.exe, version 2.1.3.127, faulting
    module , version 0.0.0.0, fault address 0x00000000.

    Error - 8/3/2013 5:09:30 PM | Computer Name = CURRY | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting
    module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988.

    Error - 8/9/2013 6:52:04 PM | Computer Name = CURRY | Source = Application Hang | ID = 1002
    Description = Hanging application chrome.exe, version 28.0.1500.95, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/9/2013 6:52:27 PM | Computer Name = CURRY | Source = Application Hang | ID = 1001
    Description = Fault bucket -557131772.

    Error - 8/15/2013 3:55:47 AM | Computer Name = CURRY | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 8/24/2013 1:38:16 PM | Computer Name = CURRY | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerUpdateService.exe, version 11.6.602.180,
    faulting module FlashPlayerUpdateService.exe, version 11.6.602.180, fault address
    0x0000383f.

    Error - 8/26/2013 3:10:06 PM | Computer Name = CURRY | Source = Application Hang | ID = 1002
    Description = Hanging application iTunes.exe, version 11.0.3.42, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 9/26/2010 5:58:58 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 10/17/2010 8:42:05 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 10476 seconds with 4620 seconds of active time. This session ended with
    a crash.

    Error - 2/6/2011 8:10:39 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 10225 seconds with 9960 seconds of active time. This session ended with
    a crash.

    Error - 4/11/2011 7:24:06 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 7505 seconds with 3720 seconds of active time. This session ended with a
    crash.

    Error - 6/10/2011 5:22:45 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 1423 seconds with 1380 seconds of active time. This session ended with a
    crash.

    Error - 6/16/2011 7:59:37 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 1447 seconds with 1380 seconds of active time. This session ended with a
    crash.

    Error - 2/14/2012 6:54:43 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 10335 seconds with 4080 seconds of active time. This session ended with
    a crash.

    Error - 5/1/2012 4:55:51 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/21/2012 9:53:06 PM | Computer Name = CURRY | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7969
    seconds with 4740 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/5/2013 4:05:15 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the libusbd service.

    Error - 9/5/2013 8:22:27 PM | Computer Name = CURRY | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
    00000000, parameter4 8050c743.

    Error - 9/5/2013 8:48:42 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/5/2013 9:00:08 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7000
    Description = The Adobe Flash Player Update Service service failed to start due
    to the following error: %%3

    Error - 9/5/2013 11:01:55 PM | Computer Name = CURRY | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 9/5/2013 11:01:55 PM | Computer Name = CURRY | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 9/6/2013 10:39:10 AM | Computer Name = CURRY | Source = System Error | ID = 1003
    Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
    00000000, parameter4 8050c743.

    Error - 9/6/2013 11:00:09 AM | Computer Name = CURRY | Source = Service Control Manager | ID = 7000
    Description = The Adobe Flash Player Update Service service failed to start due
    to the following error: %%3

    Error - 9/6/2013 11:40:54 AM | Computer Name = CURRY | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/6/2013 2:00:11 PM | Computer Name = CURRY | Source = Service Control Manager | ID = 7000
    Description = The Adobe Flash Player Update Service service failed to start due
    to the following error: %%3


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    [​IMG] Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56475 bytes

    User: HP_Administrator
    ->Temp folder emptied: 8753551 bytes
    ->Temporary Internet Files folder emptied: 3943481 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 277401092 bytes
    ->Google Chrome cache emptied: 6182034 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 57437 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 360448 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 148706676 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 425.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 09062013_203127

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  24. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    The above log is incomplete.
    Please post complete log.
     
  25. the_third_curry

    the_third_curry TS Rookie Topic Starter Posts: 22

    Results of screen317's Security Check version 0.99.73
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.8.800.94
    Adobe Reader 10.1.7 Adobe Reader out of Date!
    Mozilla Firefox (23.0.1)
    Google Chrome 29.0.1547.62
    Google Chrome 29.0.1547.66
    Google Chrome winmm.dll..
    ````````Process Check: objlist.exe by Laurent````````
    HP_Administrator Desktop Computer Programs and Antivirus SecurityCheck.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.