Lollipop etc

Solved
By dmcneil35
Jan 2, 2014
  1. Hi,

    Happy new year.

    I had the Lollipop thingy on my computer. It was removed (I think) with Bitdefender. I'd like to make sure no other viruses etc. are on my machine. My computer works, but is slow.

    2 DDS logs follow. The other log is in the next post.

    Thanks

    David


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
    Run by HP_Administrator at 19:48:49 on 2014-01-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.88 [GMT -5:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
    C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
    C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
    C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
    c:\program files\Mozilla Firefox\firefox.exe
    c:\program files\Mozilla Firefox\plugin-container.exe
    c:\program files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uProxyServer = 205.213.195.70:8080
    uProxyOverride = <local>
    BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
    uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
    uRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [UpdatePRCShortCut] "c:\windows\sminst\muitransfer\muistartmenu.exe" "c:\windows\sminst" updatewithcreateonce "software\cyberlink\PowerRecover"
    mRun: [Reminder] c:\windows\sminst\Reminder.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
    dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
    dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4.5\transfer utility\CameraMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294355956989
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{58760A3C-BCCF-45D9-A72D-281595A5B161} : DHCPNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zh89uc04.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zh89uc04.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\lightspark 0.5.3-git\nplightsparkplugin.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
    FF - ExtSQL: 2013-11-28 16:42; ffpwdman@bitdefender.com; c:\program files\bitdefender\bitdefender\ffpwdman
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-12-17 640560]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-12-17 165744]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-12-17 72704]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-2 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-2 701512]
    R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2013-12-17 81704]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-12-17 54424]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-12-17 242504]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-12-17 490144]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-12-17 116560]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-2 22856]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2009-3-27 588032]
    S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\isafe\isafenetfilter.sys --> c:\program files\isafe\iSafeNetFilter.sys [?]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-12-17 66832]
    S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
    S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-12-17 69880]
    .
    =============== Created Last 30 ================
    .
    2014-01-02 22:49:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2014-01-02 22:35:05 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
    2014-01-02 22:34:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2014-01-02 22:34:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-01-02 22:34:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-18 14:26:08 -------- d-----w- C:\b173431b9b34f36d5d70
    2013-12-17 17:07:10 1942232 ----a-w- c:\documents and settings\all users\application data\1387297222.bdinstall.bin
    2013-12-17 17:00:45 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2013-12-17 17:00:17 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2013-12-17 16:59:58 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
    2013-12-17 16:59:26 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2013-12-17 16:59:05 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
    2013-12-17 16:59:05 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2013-12-17 16:59:05 511328 ----a-w- c:\windows\capicom.dll
    2013-12-17 16:59:05 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
    2013-12-17 16:59:05 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2013-12-17 16:58:44 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
    2013-12-17 16:58:44 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
    2013-12-17 16:58:44 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
    2013-12-17 16:30:34 -------- d-----w- c:\documents and settings\hp_administrator\application data\Bitdefender
    2013-12-17 16:28:08 -------- d-----w- c:\documents and settings\hp_administrator\application data\QuickScan
    2013-12-17 16:20:45 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
    2013-12-17 16:20:43 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2013-12-17 16:20:33 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
    2013-12-17 16:20:33 -------- d-----w- c:\program files\Bitdefender
    2013-12-17 16:13:45 -------- d-----w- c:\program files\common files\Bitdefender
    2013-12-10 04:02:40 -------- d-----w- c:\documents and settings\hp_administrator\application data\eCyber
    2013-12-09 23:18:52 -------- d-----w- c:\program files\Lightspark 0.5.3-git
    2013-12-09 23:17:29 -------- d-----w- c:\documents and settings\hp_administrator\.android
    2013-12-09 23:17:27 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\cache
    2013-12-09 23:17:15 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\genienext
    2013-12-09 23:17:13 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Mobogenie
    2013-12-09 23:17:12 -------- d-----w- c:\program files\AmiExt
    2013-12-09 23:15:59 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\RegistryDR
    2013-12-09 23:15:52 -------- d-----w- c:\program files\Mobogenie
    2013-12-09 23:15:45 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2013-12-09 23:15:32 -------- d-----w- c:\program files\Registry Dr
    2013-12-09 23:14:57 -------- d-----w- c:\documents and settings\hp_administrator\application data\iSafe
    2013-12-09 23:14:14 -------- d-----w- c:\program files\MyPC Backup
    2013-12-09 23:11:53 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Lollipop
    2013-12-06 01:19:33 145408 ----a-w- c:\windows\system32\javacpl.cpl
    2013-12-06 01:19:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-11-13 02:59:42 150528 ------w- c:\windows\system32\imagehlp.dll
    2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
    2013-10-30 02:26:17 1879040 ------w- c:\windows\system32\win32k.sys
    2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
    2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
    2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
    2013-10-15 21:26:22 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
    2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
    .
    ============= FINISH: 19:51:26,01 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2011-01-06 19:36:05
    System Uptime: 2014-01-02 19:12:56 (0 hours ago)
    .
    Motherboard: FOXCONN | | CALI
    Processor: Intel(R) Atom(TM) CPU 230 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 78,713 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0,423 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_SASKUTIL\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP894: 2013-10-05 01:29:51 - System Checkpoint
    RP895: 2013-10-06 02:29:57 - System Checkpoint
    RP896: 2013-10-07 03:21:05 - System Checkpoint
    RP897: 2013-10-08 11:34:00 - System Checkpoint
    RP898: 2013-10-09 12:08:38 - System Checkpoint
    RP899: 2013-10-10 13:18:11 - System Checkpoint
    RP900: 2013-10-11 14:13:55 - System Checkpoint
    RP901: 2013-10-12 14:15:00 - System Checkpoint
    RP902: 2013-10-13 15:13:55 - System Checkpoint
    RP903: 2013-10-14 15:26:25 - System Checkpoint
    RP904: 2013-10-15 16:13:29 - System Checkpoint
    RP905: 2013-10-15 16:40:41 - Installed GTA San Andreas
    RP906: 2013-10-15 16:59:27 - Installed GTA San Andreas
    RP907: 2013-10-15 17:27:18 - Installed GTA San Andreas
    RP908: 2013-10-15 18:01:05 - Installed GTA San Andreas
    RP909: 2013-10-16 18:13:55 - System Checkpoint
    RP910: 2013-10-17 19:13:57 - System Checkpoint
    RP911: 2013-10-22 22:01:34 - System Checkpoint
    RP912: 2013-10-23 23:36:31 - System Checkpoint
    RP913: 2013-10-24 23:45:43 - System Checkpoint
    RP914: 2013-10-26 00:45:45 - System Checkpoint
    RP915: 2013-10-27 02:19:34 - System Checkpoint
    RP916: 2013-10-28 02:45:45 - System Checkpoint
    RP917: 2013-10-29 03:28:10 - System Checkpoint
    RP918: 2013-10-30 22:29:54 - System Checkpoint
    RP919: 2013-11-01 05:03:30 - System Checkpoint
    RP920: 2013-11-03 15:52:24 - System Checkpoint
    RP921: 2013-11-04 16:40:47 - System Checkpoint
    RP922: 2013-11-05 16:59:52 - System Checkpoint
    RP923: 2013-11-07 01:36:55 - System Checkpoint
    RP924: 2013-11-08 01:37:05 - System Checkpoint
    RP925: 2013-11-11 17:21:52 - System Checkpoint
    RP926: 2009-03-27 02:45:02 - System Checkpoint
    RP927: 2009-03-27 01:53:28 - System Checkpoint
    RP928: 2013-11-13 17:25:55 - System Checkpoint
    RP929: 2013-11-14 01:30:42 - Software Distribution Service 3.0
    RP930: 2013-11-15 01:38:50 - Software Distribution Service 3.0
    RP931: 2013-11-16 13:34:14 - Software Distribution Service 3.0
    RP932: 2013-11-17 03:00:59 - Software Distribution Service 3.0
    RP933: 2013-11-18 01:12:16 - Software Distribution Service 3.0
    RP934: 2013-11-19 02:21:55 - System Checkpoint
    RP935: 2013-11-20 03:13:51 - System Checkpoint
    RP936: 2013-11-21 11:10:38 - System Checkpoint
    RP937: 2013-11-22 11:26:45 - System Checkpoint
    RP938: 2013-11-23 15:28:49 - System Checkpoint
    RP939: 2013-11-24 16:34:18 - System Checkpoint
    RP940: 2013-11-25 20:16:08 - System Checkpoint
    RP941: 2013-11-26 21:11:58 - System Checkpoint
    RP942: 2013-11-27 22:00:25 - System Checkpoint
    RP943: 2013-11-29 19:40:02 - System Checkpoint
    RP944: 2013-11-30 22:44:34 - System Checkpoint
    RP945: 2013-12-01 23:29:09 - System Checkpoint
    RP946: 2013-12-03 00:45:27 - System Checkpoint
    RP947: 2013-12-04 03:12:29 - System Checkpoint
    RP948: 2013-12-05 03:44:47 - System Checkpoint
    RP949: 2013-12-05 20:13:48 - Installed Java 7 Update 45
    RP950: 2013-12-06 23:31:28 - System Checkpoint
    RP951: 2013-12-08 00:31:12 - System Checkpoint
    RP952: 2013-12-09 01:30:43 - System Checkpoint
    RP953: 2013-12-10 17:52:01 - System Checkpoint
    RP954: 2013-12-10 21:28:49 - Removed Ask Toolbar.
    RP955: 2013-12-10 21:30:41 - Removed Ask Toolbar.
    RP956: 2013-12-10 22:47:52 - Supprimé Bonjour
    RP957: 2013-12-10 23:31:31 - Removed Registry Dr
    RP958: 2013-12-10 23:37:47 - Supprimé QuickTime
    RP959: 2013-12-12 00:11:03 - System Checkpoint
    RP960: 2013-12-12 03:01:21 - Software Distribution Service 3.0
    RP961: 2013-12-13 03:34:19 - System Checkpoint
    RP962: 2013-12-14 03:00:21 - Software Distribution Service 3.0
    RP963: 2013-12-15 03:37:31 - System Checkpoint
    RP964: 2013-12-16 03:57:39 - System Checkpoint
    RP965: 2013-12-17 12:00:45 - Installed Windows XP Wdf01009.
    RP966: 2013-12-18 09:26:03 - Software Distribution Service 3.0
    RP967: 2013-12-19 10:45:47 - System Checkpoint
    RP968: 2013-12-20 12:41:31 - System Checkpoint
    RP969: 2013-12-21 14:01:10 - System Checkpoint
    RP970: 2013-12-22 14:43:19 - System Checkpoint
    RP971: 2013-12-23 17:00:11 - System Checkpoint
    RP972: 2013-12-28 21:51:04 - System Checkpoint
    RP973: 2013-12-29 22:18:56 - System Checkpoint
    RP974: 2013-12-31 13:40:44 - System Checkpoint
    RP975: 2014-01-01 13:56:26 - System Checkpoint
    RP976: 2014-01-02 15:57:38 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Bitdefender Total Security
    DivX Setup
    Dropbox
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2170 series
    hp psc 2170 series
    ImageMixer 3 SE Ver.4.5 Transfer Utility
    ImageMixer 3 SE Ver.4.5 Video Tools
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java 7 Update 45
    Java Auto Updater
    Lightspark 0.5.3-git
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    Music Transfer Utility Ver.1.5
    PowerRecover
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2803821-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    SILKYPIX Developer Studio 3.0 SE
    Skype Click to Call
    Skype™ 6.7
    StudioTax 2012
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Internet Explorer 8
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2013-12-29 00:24:29, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    2013-12-28 21:07:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iSafeNetFilter SRTSP SRTSPX
    2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ACDaemon service.
    2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    2013-12-28 21:07:45, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
    .
  2. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2011-01-06 19:36:05
    System Uptime: 2014-01-02 19:12:56 (0 hours ago)
    .
    Motherboard: FOXCONN | | CALI
    Processor: Intel(R) Atom(TM) CPU 230 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 78,713 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0,423 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_SASKUTIL\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP894: 2013-10-05 01:29:51 - System Checkpoint
    RP895: 2013-10-06 02:29:57 - System Checkpoint
    RP896: 2013-10-07 03:21:05 - System Checkpoint
    RP897: 2013-10-08 11:34:00 - System Checkpoint
    RP898: 2013-10-09 12:08:38 - System Checkpoint
    RP899: 2013-10-10 13:18:11 - System Checkpoint
    RP900: 2013-10-11 14:13:55 - System Checkpoint
    RP901: 2013-10-12 14:15:00 - System Checkpoint
    RP902: 2013-10-13 15:13:55 - System Checkpoint
    RP903: 2013-10-14 15:26:25 - System Checkpoint
    RP904: 2013-10-15 16:13:29 - System Checkpoint
    RP905: 2013-10-15 16:40:41 - Installed GTA San Andreas
    RP906: 2013-10-15 16:59:27 - Installed GTA San Andreas
    RP907: 2013-10-15 17:27:18 - Installed GTA San Andreas
    RP908: 2013-10-15 18:01:05 - Installed GTA San Andreas
    RP909: 2013-10-16 18:13:55 - System Checkpoint
    RP910: 2013-10-17 19:13:57 - System Checkpoint
    RP911: 2013-10-22 22:01:34 - System Checkpoint
    RP912: 2013-10-23 23:36:31 - System Checkpoint
    RP913: 2013-10-24 23:45:43 - System Checkpoint
    RP914: 2013-10-26 00:45:45 - System Checkpoint
    RP915: 2013-10-27 02:19:34 - System Checkpoint
    RP916: 2013-10-28 02:45:45 - System Checkpoint
    RP917: 2013-10-29 03:28:10 - System Checkpoint
    RP918: 2013-10-30 22:29:54 - System Checkpoint
    RP919: 2013-11-01 05:03:30 - System Checkpoint
    RP920: 2013-11-03 15:52:24 - System Checkpoint
    RP921: 2013-11-04 16:40:47 - System Checkpoint
    RP922: 2013-11-05 16:59:52 - System Checkpoint
    RP923: 2013-11-07 01:36:55 - System Checkpoint
    RP924: 2013-11-08 01:37:05 - System Checkpoint
    RP925: 2013-11-11 17:21:52 - System Checkpoint
    RP926: 2009-03-27 02:45:02 - System Checkpoint
    RP927: 2009-03-27 01:53:28 - System Checkpoint
    RP928: 2013-11-13 17:25:55 - System Checkpoint
    RP929: 2013-11-14 01:30:42 - Software Distribution Service 3.0
    RP930: 2013-11-15 01:38:50 - Software Distribution Service 3.0
    RP931: 2013-11-16 13:34:14 - Software Distribution Service 3.0
    RP932: 2013-11-17 03:00:59 - Software Distribution Service 3.0
    RP933: 2013-11-18 01:12:16 - Software Distribution Service 3.0
    RP934: 2013-11-19 02:21:55 - System Checkpoint
    RP935: 2013-11-20 03:13:51 - System Checkpoint
    RP936: 2013-11-21 11:10:38 - System Checkpoint
    RP937: 2013-11-22 11:26:45 - System Checkpoint
    RP938: 2013-11-23 15:28:49 - System Checkpoint
    RP939: 2013-11-24 16:34:18 - System Checkpoint
    RP940: 2013-11-25 20:16:08 - System Checkpoint
    RP941: 2013-11-26 21:11:58 - System Checkpoint
    RP942: 2013-11-27 22:00:25 - System Checkpoint
    RP943: 2013-11-29 19:40:02 - System Checkpoint
    RP944: 2013-11-30 22:44:34 - System Checkpoint
    RP945: 2013-12-01 23:29:09 - System Checkpoint
    RP946: 2013-12-03 00:45:27 - System Checkpoint
    RP947: 2013-12-04 03:12:29 - System Checkpoint
    RP948: 2013-12-05 03:44:47 - System Checkpoint
    RP949: 2013-12-05 20:13:48 - Installed Java 7 Update 45
    RP950: 2013-12-06 23:31:28 - System Checkpoint
    RP951: 2013-12-08 00:31:12 - System Checkpoint
    RP952: 2013-12-09 01:30:43 - System Checkpoint
    RP953: 2013-12-10 17:52:01 - System Checkpoint
    RP954: 2013-12-10 21:28:49 - Removed Ask Toolbar.
    RP955: 2013-12-10 21:30:41 - Removed Ask Toolbar.
    RP956: 2013-12-10 22:47:52 - Supprimé Bonjour
    RP957: 2013-12-10 23:31:31 - Removed Registry Dr
    RP958: 2013-12-10 23:37:47 - Supprimé QuickTime
    RP959: 2013-12-12 00:11:03 - System Checkpoint
    RP960: 2013-12-12 03:01:21 - Software Distribution Service 3.0
    RP961: 2013-12-13 03:34:19 - System Checkpoint
    RP962: 2013-12-14 03:00:21 - Software Distribution Service 3.0
    RP963: 2013-12-15 03:37:31 - System Checkpoint
    RP964: 2013-12-16 03:57:39 - System Checkpoint
    RP965: 2013-12-17 12:00:45 - Installed Windows XP Wdf01009.
    RP966: 2013-12-18 09:26:03 - Software Distribution Service 3.0
    RP967: 2013-12-19 10:45:47 - System Checkpoint
    RP968: 2013-12-20 12:41:31 - System Checkpoint
    RP969: 2013-12-21 14:01:10 - System Checkpoint
    RP970: 2013-12-22 14:43:19 - System Checkpoint
    RP971: 2013-12-23 17:00:11 - System Checkpoint
    RP972: 2013-12-28 21:51:04 - System Checkpoint
    RP973: 2013-12-29 22:18:56 - System Checkpoint
    RP974: 2013-12-31 13:40:44 - System Checkpoint
    RP975: 2014-01-01 13:56:26 - System Checkpoint
    RP976: 2014-01-02 15:57:38 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    Bitdefender Total Security
    DivX Setup
    Dropbox
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2170 series
    hp psc 2170 series
    ImageMixer 3 SE Ver.4.5 Transfer Utility
    ImageMixer 3 SE Ver.4.5 Video Tools
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java 7 Update 45
    Java Auto Updater
    Lightspark 0.5.3-git
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    Music Transfer Utility Ver.1.5
    PowerRecover
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2803821-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    SILKYPIX Developer Studio 3.0 SE
    Skype Click to Call
    Skype™ 6.7
    StudioTax 2012
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Internet Explorer 8
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2013-12-29 00:24:29, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    2013-12-28 21:07:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iSafeNetFilter SRTSP SRTSPX
    2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ACDaemon service.
    2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    2013-12-28 21:07:45, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Somehow I missed this topic.

    Let me know if you still need help.

    If so I still need MBAM log.
  4. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Yes, still need help, thanks. Will post the log tomorrow.
  5. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Computer is really slow. Lots of "processes" running in the background. CPU at 100% sometimes (not that I have any idea what that means).

    An automatic update is installing "Windows Malicious Software Removal Tool" as I write.

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.02.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: YOUR-06CE742A84 [administrator]

    Protection: Enabled

    2014-01-02 18:23:35
    mbam-log-2014-01-02 (18-23-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209551
    Time elapsed: 34 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5} (PUP.Optional.GreyGray.A) -> Quarantined and deleted successfully.
    HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Documents and Settings\HP_Administrator\Application Data\SwvUpdater (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    Files Detected: 41
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\PublicTransportSetup(2).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\FlashPlayersetup__3873_i184360526_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\VLC_32.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fEBundle28-11-2013.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pricepeep_270015_0101.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\GreyGraySetup.exe (PUP.Optional.Greygray.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\I.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    (end)
  6. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  7. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : HP_Administrator [Admin rights]
    Mode : Remove -- Date : 01/09/2014 00:22:26
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
    --- User ---
    [MBR] 92885f1e005d6159b6e5586c7898bb4c
    [BSP] 5c7cde0c6172719c584d81923a880ddf : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142599 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292061184 | Size: 10018 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_01092014_002226.txt >>
    RKreport[0]_D_01062014_181239.txt;RKreport[0]_S_01062014_181202.txt;RKreport[0]_S_01092014_001940.txt
  8. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    And 2 RK reports from Dec 6th. I ran RK at that time. It seemed to delete a bunch of stuff. The computer has been working a little better since then, but it is still very slow.

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : HP_Administrator [Admin rights]
    Mode : Scan -- Date : 01/06/2014 18:12:02
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : UpdatePRCShortCut ("C:\Windows\SMINST\MUITransfer\MUIStartMenu.exe" "C:\Windows\SMINST" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [7][-][x][x]) -> FOUND
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (205.213.195.70:8080 [Country: , City: ]) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
    --- User ---
    [MBR] 92885f1e005d6159b6e5586c7898bb4c
    [BSP] 5c7cde0c6172719c584d81923a880ddf : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142599 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292061184 | Size: 10018 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_01062014_181202.txt >>


    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : HP_Administrator [Admin rights]
    Mode : Remove -- Date : 01/06/2014 18:12:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : UpdatePRCShortCut ("C:\Windows\SMINST\MUITransfer\MUIStartMenu.exe" "C:\Windows\SMINST" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [7][-][x][x]) -> DELETED
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
    --- User ---
    [MBR] 92885f1e005d6159b6e5586c7898bb4c
    [BSP] 5c7cde0c6172719c584d81923a880ddf : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142599 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292061184 | Size: 10018 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_01062014_181239.txt >>
    RKreport[0]_S_01062014_181202.txt
  9. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Two MBAR logs follow.

    The second time I scanned, it said: nothing found, no cleaning needed.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2014.01.09.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: YOUR-06CE742A84 [administrator]

    2014-01-09 16:03:23
    mbar-log-2014-01-09 (16-03-23).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 214442
    Time elapsed: 36 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.596000 GHz
    Memory total: 1064546304, free: 95145984

    Downloaded database version: v2014.01.08.07
    Downloaded database version: v2013.12.18.01
    Initializing...
    ======================
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.596000 GHz
    Memory total: 1064546304, free: 131604480

    Could not load protection driver
    Downloaded database version: v2014.01.09.04
    Downloaded database version: v2013.12.18.01
    =======================================
    ------------ Kernel report ------------
    01/09/2014 09:42:46
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    trufos.sys
    \WINDOWS\system32\DRIVERS\FLTMGR.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    sr.sys
    avc3.sys
    gzflt.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Serial.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igxpmp32.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\drivers\Afc.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys
    \SystemRoot\system32\DRIVERS\RTL8192su.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\igxpgd32.dll
    \SystemRoot\System32\igxprd32.dll
    \SystemRoot\System32\igxpdv32.DLL
    \SystemRoot\System32\igxpdx32.DLL
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\WINDOWS\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8499b6b0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000075\
    Lower Device Object: 0xffffffff849a3600
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8652bab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff8658d940
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8657b8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86580520, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8658d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A784A533

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 292043587
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 292061184 Numsec = 20516864

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff849a8470, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff849a3600, DeviceName: \Device\00000075\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.596000 GHz
    Memory total: 1064546304, free: 201809920

    Downloaded database version: v2014.01.09.05
    Downloaded database version: v2014.01.09.06
    Downloaded database version: v2014.01.09.07
    Initializing...
    ======================
    ------------ Kernel report ------------
    01/09/2014 16:03:01
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    trufos.sys
    \WINDOWS\system32\DRIVERS\FLTMGR.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    sr.sys
    avc3.sys
    gzflt.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Serial.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igxpmp32.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\drivers\Afc.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\avchv.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\bdvedisk.sys
    \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys
    \SystemRoot\system32\DRIVERS\RTL8192su.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\HPZius12.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\HPZid412.sys
    \SystemRoot\system32\DRIVERS\HPZipr12.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\igxpgd32.dll
    \SystemRoot\System32\igxprd32.dll
    \SystemRoot\System32\igxpdv32.DLL
    \SystemRoot\System32\igxpdx32.DLL
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\WINDOWS\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\avckf.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\48230029.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8499b6b0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000075\
    Lower Device Object: 0xffffffff849a3600
    Lower Device Driver Name: \Driver\usbstor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8652bab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff8658d940
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8657b8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86580520, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8658d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A784A533

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 292043587
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 292061184 Numsec = 20516864

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff849a8470, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff849a3600, DeviceName: \Device\00000075\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
  10. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  11. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Computer still very slow. I get this weird voice advert when I open Firefox. Something about taking a survey.

    -----
    ComboFix 14-01-08.03 - HP_Administrator 2014-01-09 19:59:53.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.309 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\1387297222.bdinstall.bin
    c:\documents and settings\All Users\Application Data\AMMYY
    c:\documents and settings\All Users\Application Data\AMMYY\hr
    c:\documents and settings\All Users\Application Data\AMMYY\hr3
    c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\lollipop
    c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\GreyGray_iels
    c:\documents and settings\HP_Administrator\My Documents\~WRL0491.tmp
    c:\documents and settings\HP_Administrator\My Documents\~WRL2327.tmp
    c:\documents and settings\HP_Administrator\Recent\hpothb07.dat
    c:\documents and settings\HP_Administrator\Recent\hpothb07.tif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-09 21:02 . 2014-01-09 21:02 104664 ----a-w- c:\windows\system32\drivers\48230029.sys
    2014-01-09 21:01 . 2014-01-09 21:01 51416 ----a-w- c:\windows\system32\drivers\32A91A4B.sys
    2014-01-09 14:42 . 2014-01-09 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-01-09 14:42 . 2014-01-09 14:42 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-09 05:46 . 2014-01-09 05:46 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-08 15:20 . 2014-01-08 15:20 -------- d-----w- c:\windows\system32\MRT
    2014-01-05 22:58 . 2014-01-05 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\bdch
    2014-01-02 22:35 . 2014-01-02 22:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2014-01-02 22:34 . 2014-01-02 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-01-02 22:34 . 2014-01-02 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-01-02 22:34 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-18 14:26 . 2013-12-18 14:26 -------- d-----w- C:\b173431b9b34f36d5d70
    2013-12-17 22:37 . 2013-12-17 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Bitdefender
    2013-12-17 22:37 . 2013-12-17 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
    2013-12-17 17:08 . 2013-12-17 17:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
    2013-12-17 17:00 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2013-12-17 17:00 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2013-12-17 16:59 . 2013-12-17 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2013-12-17 16:59 . 2012-04-17 18:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2013-12-17 16:59 . 2013-11-04 20:47 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2013-12-17 16:59 . 2013-11-04 20:47 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
    2013-12-17 16:59 . 2013-11-04 20:46 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
    2013-12-17 16:59 . 2013-02-22 23:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2013-12-17 16:59 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
    2013-12-17 16:58 . 2013-07-19 22:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
    2013-12-17 16:58 . 2013-07-19 22:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
    2013-12-17 16:58 . 2012-11-02 18:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
    2013-12-17 16:30 . 2013-12-17 22:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Bitdefender
    2013-12-17 16:28 . 2013-12-17 16:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\QuickScan
    2013-12-17 16:20 . 2013-12-17 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
    2013-12-17 16:20 . 2013-08-23 17:48 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2013-12-17 16:20 . 2013-12-17 16:30 -------- d-----w- c:\program files\Bitdefender
    2013-12-17 16:20 . 2013-08-07 17:46 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
    2013-12-17 16:13 . 2013-12-17 16:20 -------- d-----w- c:\program files\Common Files\Bitdefender
    2013-12-11 03:13 . 2013-12-11 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\InstallShield
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-09 05:19 . 2014-01-06 23:11 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak
    2014-01-09 05:19 . 2014-01-06 23:11 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 37608 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 444136 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 360376 ----a-w- c:\windows\system32\drivers\trufos.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 48512 ----a-w- c:\windows\system32\drivers\stream.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 6427240 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 141568 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 69120 ----a-w- c:\windows\system32\drivers\psched.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 35840 ----a-w- c:\windows\system32\drivers\processr.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 17792 ----a-w- c:\windows\system32\drivers\ptilink.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 146048 ----a-w- c:\windows\system32\drivers\portcls.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 68224 ----a-w- c:\windows\system32\drivers\pci.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 6784 ----a-w- c:\windows\system32\drivers\parvdm.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 3328 ----a-w- c:\windows\system32\drivers\pciide.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 80128 ----a-w- c:\windows\system32\drivers\parport.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 42752 ----a-w- c:\windows\system32\drivers\p3.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 63232 ----a-w- c:\windows\system32\drivers\nwlnknb.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 55936 ----a-w- c:\windows\system32\drivers\nwlnkspx.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 32512 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 2944 ----a-w- c:\windows\system32\drivers\null.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 12416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys.bak
    2014-01-09 05:19 . 2014-01-06 23:11 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys.bak
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
    "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-17 477736]
    "Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-17 612696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
    "Reminder"="c:\windows\SMINST\Reminder.exe" [2009-07-23 1959208]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-12-17 1834240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "(A0)"="c:\documents and settings\HP_Administrator\Desktop\mbar\mbar.exe" [2013-11-19 1175352]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-17 477736]
    "Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-17 898512]
    "Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-17 612696]
    .
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2014-1-2 30714328]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-12-2 406896]
    PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2012-8-27 40960]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
    backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 16:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-12-17 640560]
    R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-12-17 165744]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-12-17 72704]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-01-02 418376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2014-01-02 701512]
    R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-12-17 81704]
    R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [2013-12-17 54424]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-12-17 242504]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [2013-12-17 116560]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-01-09 51416]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-01-02 22856]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2009-03-27 588032]
    S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-12-17 490144]
    S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-12-17 66832]
    S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-12-17 69880]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - MBAMSwissArmy
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 20:05]
    .
    2013-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyServer = 205.213.195.70:8080
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-11-28 16:42; ffpwdman@bitdefender.com; c:\program files\Bitdefender\Bitdefender\ffpwdman
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-09 20:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
    "ImagePath"="\??\"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1344)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2014-01-09 20:15:58
    ComboFix-quarantined-files.txt 2014-01-10 01:15
    .
    Pre-Run: 84 177 145 856 bytes free
    Post-Run: 91 079 311 360 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - E2AFF36165855406A2DD809F8B1BD2DC
    2947C7A174342A9DFF3C607CC5E4CAF4
     
  12. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    What exactly is slow?

    Is Firefox the only browser affected by ads?

    You have some Norton's leftovers. Run this tool to remove them: http://www.majorgeeks.com/files/details/norton_removal_tool.html

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
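
The Norton leftovers mentioned in the reply above are visible in the ComboFix log's service list, where two stopped services end in `[?]` instead of a file date and size. The Python triage below is an added example, not part of the thread or of ComboFix; its function names, the reading of `[?]` as an image file that could not be read, and the decoding of the `R`/`S` letter and start digit are assumptions about the log layout shown here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-12-17 640560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2014-01-02 701512]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-12-17 69880]
uInternet Settings,ProxyServer = 205.213.195.70:8080
"EnableFirewall"= 0 (0x0)
"""

# Assumption: the digit after R (running) / S (stopped) is the service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# <state><start> <name>;<display>;<command line> [<date> <size>]  or  [...] [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<command>.*) \[(?P<meta>\?|\d{4}-\d{2}-\d{2} \d+)\]$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"= 0 \(0x0\)$')


@dataclass
class ServiceEntry:
    name: str
    running: bool
    start: str
    image: str
    size: Optional[int]  # None when the log shows [?] instead of date and size


@dataclass
class Finding:
    kind: str
    subject: str
    detail: str


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other log line."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    # Entries with arguments or a \??\ prefix carry "--> <resolved path>";
    # keep the resolved path when present, otherwise the command itself.
    image = m["command"].rsplit(" --> ", 1)[-1].strip().strip('"')
    size = None if m["meta"] == "?" else int(m["meta"].split()[1])
    return ServiceEntry(
        name=m["name"],
        running=(m["state"] == "R"),
        start=START_TYPES[int(m["start"])],
        image=image,
        size=size,
    )


def triage(log_text: str) -> List[Finding]:
    """Collect the log lines a helper would follow up on."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service_line(line)
        if svc is not None:
            if svc.size is None:
                # Service is still registered, but its image could not be read.
                findings.append(Finding(
                    "orphaned-service", svc.name,
                    f"{svc.start} start, image not readable: {svc.image}"))
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            findings.append(Finding(
                "proxy-set", proxy["proxy"],
                "confirm the user configured this proxy"))
        elif FIREWALL_OFF_RE.match(line):
            findings.append(Finding(
                "windows-firewall-off", "EnableFirewall",
                "expected only while another firewall is active"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:22} {finding.subject}: {finding.detail}")
```
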
  13. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Programs open slowly. Even typing has a delay. I opened Internet Explorer to check the voice ad thing and nothing happened, but IE reports "working off line"??

    Proceeding to assigned tasks.
  14. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Firefox taking forever to load, but no more audio ad.

    # AdwCleaner v3.016 - Report created 09/01/2014 at 21:03:47
    # Updated 23/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : HP_Administrator - YOUR-06CE742A84
    # Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Mobogenie
    Folder Deleted : C:\Program Files\MyPC Backup
    Folder Deleted : C:\Program Files\NCH Software
    Folder Deleted : C:\Program Files\PC Optimizer Pro
    Folder Deleted : C:\Documents and Settings\LocalService\Application Data\iSafe
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mobogenie
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\iSafe
    Folder Deleted : C:\Documents and Settings\HP_Administrator\My Documents\Mobogenie
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\Smartbar
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\CT2801948
    Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    File Deleted : C:\END
    File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\searchplugins\bingp.xml
    File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\lollipop
    Key Deleted : HKCU\Software\NCH Software
    Key Deleted : HKCU\Software\pc optimizer pro
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\NCH Software
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\prefs.js ]

    Line Deleted : user_pref("CT2801948.1000082.isPlayDisplay", "true");
    Line Deleted : user_pref("CT2801948.1000082.muteState", "off");
    Line Deleted : user_pref("CT2801948.1000082.shrinkState", "expanded");
    Line Deleted : user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Quebec - ...\",\"description\":\"Quebec - CBC Radio One\",\"url\":\"hxxp://origin.www.cbc.ca/mrl2/livemedia/cbcr1-quebeccity.asx[...]
    Line Deleted : user_pref("CT2801948.1000234.TWC_TMP_city", "MONTREAL");
    Line Deleted : user_pref("CT2801948.1000234.TWC_TMP_country", "CA");
    Line Deleted : user_pref("CT2801948.1000234.TWC_locId", "CAXX0301");
    Line Deleted : user_pref("CT2801948.1000234.TWC_location", "Montreal, Canada");
    Line Deleted : user_pref("CT2801948.1000234.TWC_region", "OT");
    Line Deleted : user_pref("CT2801948.1000234.TWC_temp_dis", "c");
    Line Deleted : user_pref("CT2801948.1000234.TWC_wind_dis", "kmh");
    Line Deleted : user_pref("CT2801948.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"4°C\",\"temperatureClear\":\"4°C\",\"highTemperature\":\"1°C\",\"lowTemperature\":\"-2°C\",\"feelsLike\":\"1°C\",\"co[...]
    Line Deleted : user_pref("CT2801948.129343840936544328.APP_WIN_FEATURES", "hscroll=1,vscroll=1,saveresizedsize=0,resizable=yes,titlebar=yes,closeonexternalclick=no,savelocation=no,openposition=center");
    Line Deleted : user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT2801948.Facebook_Mode", "2");
    Line Deleted : user_pref("CT2801948.FirstTime", "true");
    Line Deleted : user_pref("CT2801948.FirstTimeFF3", "true");
    Line Deleted : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");
    Line Deleted : user_pref("CT2801948.UserID", "UN28148528763935354");
    Line Deleted : user_pref("CT2801948.addressBarTakeOverEnabledInHidden", "true");
    Line Deleted : user_pref("CT2801948.autoDisableScopes", -1);
    Line Deleted : user_pref("CT2801948.browser.search.defaultthis.engineName", true);
    Line Deleted : user_pref("CT2801948.defaultSearch", "true");
    Line Deleted : user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
    Line Deleted : user_pref("CT2801948.enableAlerts", "always");
    Line Deleted : user_pref("CT2801948.enableSearchFromAddressBar", "true");
    Line Deleted : user_pref("CT2801948.firstTimeDialogOpened", "true");
    Line Deleted : user_pref("CT2801948.fixPageNotFoundError", "true");
    Line Deleted : user_pref("CT2801948.fixPageNotFoundErrorInHidden", "true");
    Line Deleted : user_pref("CT2801948.fixUrls", true);
    Line Deleted : user_pref("CT2801948.hxxp___pinterest_aot_im.isEnabled", "Y");
    Line Deleted : user_pref("CT2801948.installId", "toolbarinstall.exe");
    Line Deleted : user_pref("CT2801948.installType", "ConduitNSISIntegration");
    Line Deleted : user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT2801948.isNewTabEnabled", true);
    Line Deleted : user_pref("CT2801948.isPerformedSmartBarTransition", "true");
    Line Deleted : user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Line Deleted : user_pref("CT2801948.keyword", true);
    Line Deleted : user_pref("CT2801948.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Faccounts.google.com%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continu[...]
    Line Deleted : user_pref("CT2801948.openThankYouPage", "false");
    Line Deleted : user_pref("CT2801948.openUninstallPage", "true");
    Line Deleted : user_pref("CT2801948.search.searchAppId", "129306881621438061");
    Line Deleted : user_pref("CT2801948.search.searchCount", "2");
    Line Deleted : user_pref("CT2801948.searchInNewTabEnabledInHidden", "true");
    Line Deleted : user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801948\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHEN.OurToolbar.com//xpi\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354470294377");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_appTracking_lastUpdate", "1344365855056");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_appsMetadata_lastUpdate", "1354484068051");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353944761960");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_login_10.10.20.14_lastUpdate", "1354513498348");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353944762113");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_searchAPI_lastUpdate", "1354487669844");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_serviceMap_lastUpdate", "1354487668680");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353944761814");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_toolbarSettings_lastUpdate", "1354513497823");
    Line Deleted : user_pref("CT2801948.serviceLayer_services_translation_lastUpdate", "1354487668843");
    Line Deleted : user_pref("CT2801948.settingsINI", true);
    Line Deleted : user_pref("CT2801948.shouldFirstTimeDialog", "false");
    Line Deleted : user_pref("CT2801948.smartbar.CTID", "CT2801948");
    Line Deleted : user_pref("CT2801948.smartbar.Uninstall", "0");
    Line Deleted : user_pref("CT2801948.smartbar.homepage", true);
    Line Deleted : user_pref("CT2801948.smartbar.isHidden", true);
    Line Deleted : user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
    Line Deleted : user_pref("CT2801948.toolbarBornServerTime", "28-7-2012");
    Line Deleted : user_pref("CT2801948.toolbarCurrentServerTime", "3-12-2012");
    Line Deleted : user_pref("CT2801948.twitter_v1.8.0_twitter_app_open_t_f", "false");
    Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13");
    Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "NCH EN Customized Web Search");
    Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");
    Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2801948");
    Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Line Deleted : user_pref("browser.search.order.1", "Ask.com");
    Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");

    *************************

    AdwCleaner[R0].txt - [11548 octets] - [09/01/2014 21:01:49]
    AdwCleaner[S0].txt - [11738 octets] - [09/01/2014 21:03:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11799 octets] ##########
  15. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Microsoft Windows XP x86
    Ran by HP_Administrator on 2014-01-09 at 22:10:28,00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\HP_Administrator\Application Data\mozilla\firefox\profiles\zh89uc04.default\smartbar
    Successfully deleted the following from C:\Documents and Settings\HP_Administrator\Application Data\mozilla\firefox\profiles\zh89uc04.default\prefs.js

    user_pref("CT2801948.FirstTime", "true");
    user_pref("CT2801948.FirstTimeFF3", "true");
    user_pref("CT2801948.UserID", "UN02354392670524963");
    user_pref("CT2801948.fullUserID", "UN02354392670524963.XP.20140109215645");
    user_pref("CT2801948.isCheckedStartAsHidden", true);
    user_pref("CT2801948.lastVersion", "10.23.0.822");
    user_pref("CT2801948.settingsINI", true);
    user_pref("CT2801948.smartbar.CTID", "CT2801948");
    user_pref("CT2801948.smartbar.Uninstall", "0");
    user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
    user_pref("CT2801948.userIdGenerationCounter", "1");
    user_pref("CT2801948_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389322871636,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
    user_pref("plugin.state.npconduitfirefoxplugin", 2);
    user_pref("smartbar.machineId", "D6G33JP9HADOI/5IILLH/T/BKTVOXIYXRJ0BTBIX71MBP1MYU/I9AKB1+/ZD7XHYM7OED7KXPEVPJ12ACZEHVW");
    Emptied folder: C:\Documents and Settings\HP_Administrator\Application Data\mozilla\firefox\profiles\zh89uc04.default\minidumps [4 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2014-01-09 at 22:29:45,51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  16. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    OTL Extras logfile created on: 2014-01-09 22:46:52 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
    1015,23 Mb Total Physical Memory | 514,71 Mb Available Physical Memory | 50,70% Memory free
    2,38 Gb Paging File | 1,58 Gb Available in Paging File | 66,07% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139,26 Gb Total Space | 84,70 Gb Free Space | 60,82% Space Free | Partition Type: NTFS
    Drive D: | 9,78 Gb Total Space | 0,42 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
    Computer Name: YOUR-06CE742A84 | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    [HKEY_USERS\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- c:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    ========== Shell Spawning ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    ========== Security Center Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0
    "UPDATESDISABLENOTIFY" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45
    "{28C7E8E5-F0E4-4CF3-A823-AD49BFF4DE9A}" = ImageMixer 3 SE Ver.4.5 Video Tools
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4028A420-8CB5-4F9C-B698-6EBA5491256D}" = ImageMixer 3 SE Ver.4.5 Transfer Utility
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{65AC648B-9559-4C54-8ED3-B04A10C0FB8D}" = StudioTax 2012
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{87E6A443-536D-4047-AAC9-40947FC3333A}" = Music Transfer Utility Ver.1.5
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Bitdefender" = Bitdefender Total Security
    "DivX Setup" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
    "Lightspark" = Lightspark 0.5.3-git
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    ========== HKEY_USERS Uninstall List ==========
    [HKEY_USERS\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    ========== Last 20 Event Log Errors ==========
    [ Application Events ]
    Error - 2013-12-07 04:32:00 | Computer Name = YOUR-06CE742A84 | Source = Bonjour Service | ID = 100
    Description =
    Error - 2013-12-07 04:32:00 | Computer Name = YOUR-06CE742A84 | Source = Bonjour Service | ID = 100
    Description =
    Error - 2013-12-07 04:32:00 | Computer Name = YOUR-06CE742A84 | Source = Bonjour Service | ID = 100
    Description =
    Error - 2013-12-08 05:27:12 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
    Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module
    acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
    Error - 2013-12-09 16:44:19 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
    Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module
    acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
    Error - 2013-12-09 23:56:36 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
    Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module
    acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
    Error - 2013-12-09 23:58:11 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1001
    Description = Fault bucket -2109233358.
    Error - 2013-12-10 00:02:31 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 25.0.1.5064, faulting
    module mozalloc.dll, version 25.0.1.5064, fault address 0x0000119c.
    Error - 2014-01-07 00:41:40 | Computer Name = YOUR-06CE742A84 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro
    Error - 2014-01-07 00:41:40 | Computer Name = YOUR-06CE742A84 | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.
    [ OSession Events ]
    Error - 2013-04-05 03:00:27 | Computer Name = YOUR-06CE742A84 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 123190
    seconds with 12060 seconds of active time. This session ended with a crash.
    Error - 2013-05-20 03:52:57 | Computer Name = YOUR-06CE742A84 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10087
    seconds with 0 seconds of active time. This session ended with a crash.
    Error - 2013-08-11 03:31:08 | Computer Name = YOUR-06CE742A84 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 137541
    seconds with 0 seconds of active time. This session ended with a crash.
    [ System Events ]
    Error - 2014-01-08 18:40:42 | Computer Name = YOUR-06CE742A84 | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address D8FEE32FC5B4. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.
    Error - 2014-01-09 01:56:15 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7034
    Description = The MBAMScheduler service terminated unexpectedly. It has done this
    1 time(s).
    Error - 2014-01-09 01:56:21 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).
    Error - 2014-01-09 02:49:31 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7000
    Description = The Norton Internet Security service failed to start due to the following
    error: %%3
    Error - 2014-01-09 02:49:33 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    iSafeNetFilter SRTSP SRTSPX
    Error - 2014-01-09 10:13:23 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7000
    Description = The Norton Internet Security service failed to start due to the following
    error: %%3
    Error - 2014-01-09 10:13:23 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    iSafeNetFilter SRTSP SRTSPX
    Error - 2014-01-09 14:26:40 | Computer Name = YOUR-06CE742A84 | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address D8FEE32FC5B4. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.
    Error - 2014-01-09 20:32:15 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).
    Error - 2014-01-09 22:42:14 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    iSafeNetFilter
    < End of report >
  17. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Dupe...
    Last edited by a moderator: Jan 10, 2014
  18. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    OTL logfile created on: 2014-01-09 22:46:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
    1015,23 Mb Total Physical Memory | 514,71 Mb Available Physical Memory | 50,70% Memory free
    2,38 Gb Paging File | 1,58 Gb Available in Paging File | 66,07% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 139,26 Gb Total Space | 84,70 Gb Free Space | 60,82% Space Free | Partition Type: NTFS
    Drive D: | 9,78 Gb Total Space | 0,42 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
    Computer Name: YOUR-06CE742A84 | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014-01-09 22:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
    PRC - [2014-01-02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013-12-17 12:36:40 | 001,834,240 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
    PRC - [2013-12-17 12:36:26 | 000,477,736 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
    PRC - [2013-12-17 12:36:04 | 000,612,696 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
    PRC - [2013-11-15 15:05:46 | 001,234,792 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
    PRC - [2013-10-09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013-10-08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013-10-07 11:13:01 | 000,054,424 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
    PRC - [2013-07-08 14:52:34 | 000,081,704 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
    PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2011-07-28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009-08-28 21:07:22 | 000,406,896 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
    PRC - [2008-05-27 18:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    PRC - [2008-04-14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003-03-09 21:31:02 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014-01-08 10:38:56 | 002,128,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttpph.mdl
    MOD - [2014-01-08 10:38:52 | 001,119,480 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttprbl.mdl
    MOD - [2014-01-08 10:38:51 | 000,667,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttpbr.mdl
    MOD - [2014-01-08 10:38:45 | 000,488,584 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttpdsp.mdl
    MOD - [2014-01-02 19:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013-11-28 16:38:13 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\ui\imsecurityal.ui
    MOD - [2013-11-28 16:38:11 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\ui\accessl.ui
    MOD - [2013-11-17 03:23:39 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2013-11-17 03:23:25 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2013-11-17 03:23:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2013-11-15 12:54:45 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b01bf82d99cca42b8140884fb833583d\System.Transactions.ni.dll
    MOD - [2013-11-15 12:54:14 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll
    MOD - [2013-11-15 12:13:33 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013-11-15 12:08:21 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013-11-15 12:08:00 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
    MOD - [2013-11-15 12:06:36 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
    MOD - [2013-11-15 12:03:35 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
    MOD - [2013-11-15 11:53:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013-11-15 11:52:40 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013-10-18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\libcef.dll
    MOD - [2013-09-03 13:29:38 | 000,095,088 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
    MOD - [2013-08-07 12:47:42 | 000,401,528 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
    MOD - [2013-06-19 11:44:37 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
    MOD - [2013-03-25 15:16:32 | 000,919,136 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll
    MOD - [2012-02-20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012-02-20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011-11-14 19:17:06 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
    MOD - [2011-07-28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011-07-28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2008-08-29 15:15:50 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\pxl_m17n_tool.dll
    MOD - [2008-05-27 18:30:44 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp
    MOD - [2008-04-14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008-04-14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2003-03-09 20:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
    ========== Services (SafeList) ==========
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013-12-21 10:18:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013-11-21 18:41:02 | 000,069,880 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe -- (BdDesktopParental)
    SRV - [2013-11-15 15:05:46 | 001,234,792 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe -- (VSSERV)
    SRV - [2013-10-09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013-10-08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013-10-07 11:13:01 | 000,054,424 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe -- (UPDATESRV)
    SRV - [2013-09-19 15:05:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013-07-25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013-07-08 14:52:34 | 000,081,704 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
    SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2003-03-09 21:31:02 | 000,065,795 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    ========== Driver Services (SafeList) ==========
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013-11-04 15:47:30 | 000,066,832 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
    DRV - [2013-08-23 12:48:39 | 000,165,744 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
    DRV - [2013-08-07 12:46:04 | 000,360,376 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
    DRV - [2013-07-26 10:53:51 | 000,135,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys -- (bdselfpr)
    DRV - [2013-07-19 17:06:44 | 000,490,144 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
    DRV - [2013-07-19 17:03:32 | 000,640,560 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
    DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013-02-22 18:46:44 | 000,116,560 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
    DRV - [2012-11-02 13:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
    DRV - [2012-04-17 13:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV - [2011-11-14 19:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2011-08-16 17:46:02 | 006,427,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2009-08-05 09:23:22 | 000,588,032 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009-04-23 06:22:16 | 000,141,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2005-02-23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 205.213.195.70:8080
    ========== FireFox ==========
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: fr-classique%40dictionaries.addons.mozilla.org:4.3
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.126
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Bitdefender.com/PasswordManager;version=17.8: C:\Program Files\Bitdefender\Bitdefender\pmbxnp.dll (Bitdefender)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-01 13:25:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffpwdman@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\ffpwdman\ [2013-11-28 16:42:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: c:\program files\Mozilla Firefox\components [2013-12-10 23:38:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: c:\program files\Mozilla Firefox\plugins [2013-12-10 23:38:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-11-28 16:42:31 | 000,000,000 | ---D | M]
    [2011-01-06 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2014-01-09 22:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions
    [2014-01-09 21:52:29 | 000,000,000 | ---D | M] (NCH EN) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    [2011-10-08 07:59:29 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\fr-classique@dictionaries.addons.mozilla.org
    [2014-01-09 22:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\staged
    [2014-01-01 16:34:45 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014-01-09 22:02:08 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\searchplugins\nch-en-customized-web-search.xml
    [2013-11-16 00:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013-11-16 00:11:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013-11-16 00:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013-11-16 00:11:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013-12-21 10:18:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011-10-01 13:25:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2013-11-17 03:17:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
  19. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Part 2.

    I may have accidentally hit scan instead of quick scan.

    O1 HOSTS File: ([2014-01-09 20:11:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\SMINST\reminder.exe (CyberLink)
    O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
    O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
    O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
    O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
    O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
    O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
    O4 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
    O4 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.5.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1294355956989 (WUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58760A3C-BCCF-45D9-A72D-281595A5B161}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - https://dub117.afx.ms/att/GetInline...aeac9938272f368e8e490ae746b43c&oneredir=1
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-09-01 19:52:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014-01-09 22:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014-01-09 21:01:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-01-09 19:53:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2014-01-09 19:41:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2014-01-09 19:41:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2014-01-09 19:41:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2014-01-09 19:41:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2014-01-09 19:41:03 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014-01-09 19:32:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014-01-09 19:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2014-01-09 16:02:58 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
    [2014-01-09 16:01:47 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\32A91A4B.sys
    [2014-01-09 09:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2014-01-09 09:42:42 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014-01-09 00:46:23 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014-01-09 00:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\mbar
    [2014-01-08 10:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
    [2014-01-06 18:11:59 | 000,037,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys.bak
    [2014-01-06 18:11:59 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
    [2014-01-06 18:11:58 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
    [2014-01-06 18:11:58 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
    [2014-01-06 18:11:57 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
    [2014-01-06 18:11:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
    [2014-01-06 18:11:57 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
    [2014-01-06 18:11:56 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
    [2014-01-06 18:11:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
    [2014-01-06 18:11:56 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
    [2014-01-06 18:11:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
    [2014-01-06 18:11:55 | 000,360,376 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys.bak
    [2014-01-06 18:11:55 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
    [2014-01-06 18:11:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
    [2014-01-06 18:11:55 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
    [2014-01-06 18:11:54 | 000,048,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
    [2014-01-06 18:11:54 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
    [2014-01-06 18:11:53 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
    [2014-01-06 18:11:53 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
    [2014-01-06 18:11:52 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
    [2014-01-06 18:11:51 | 000,588,032 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys.bak
    [2014-01-06 18:11:50 | 006,427,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
    [2014-01-06 18:11:50 | 000,141,568 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
    [2014-01-06 18:11:49 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
    [2014-01-06 18:11:49 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
    [2014-01-06 18:11:49 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
    [2014-01-06 18:11:49 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
    [2014-01-06 18:11:48 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
    [2014-01-06 18:11:47 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
    [2014-01-06 18:11:47 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
    [2014-01-06 18:11:46 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
    [2014-01-06 18:11:46 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
    [2014-01-06 18:11:46 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
    [2014-01-06 18:11:45 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
    [2014-01-06 18:11:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
    [2014-01-06 18:11:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
    [2014-01-06 18:11:42 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys.bak
    [2014-01-06 18:11:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
    [2014-01-06 18:11:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys.bak
    [2014-01-06 18:11:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
    [2014-01-06 18:11:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
    [2014-01-06 18:11:40 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
    [2014-01-06 18:11:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
    [2014-01-06 18:11:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
    [2014-01-06 18:11:36 | 000,165,744 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.bak
    [2014-01-06 18:11:36 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
    [2014-01-06 18:11:35 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
    [2014-01-06 18:11:35 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
    [2014-01-06 18:11:35 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
    [2014-01-06 18:11:35 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
    [2014-01-06 18:11:34 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
    [2014-01-06 18:11:34 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
    [2014-01-06 18:11:33 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
    [2014-01-06 18:11:33 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
    [2014-01-06 18:11:33 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
    [2014-01-06 18:11:33 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
    [2014-01-06 18:11:31 | 000,490,144 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys.bak
    [2014-01-06 18:11:31 | 000,116,560 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
    [2014-01-06 18:11:31 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys.bak
    [2014-01-06 18:11:31 | 000,066,832 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys.bak
    [2014-01-06 18:11:31 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys.bak
    [2014-01-06 18:11:30 | 000,640,560 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys.bak
    [2014-01-06 18:11:30 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
    [2014-01-06 18:11:30 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys.bak
    [2014-01-06 18:11:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
    [2014-01-06 18:11:30 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
    [2014-01-06 18:11:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
    [2014-01-06 18:11:28 | 000,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys.bak
    [2014-01-06 18:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
    [2014-01-05 17:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bdch
    [2014-01-02 19:48:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
    [2014-01-02 17:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    [2014-01-02 17:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014-01-02 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2014-01-02 17:34:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014-01-02 17:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013-12-18 09:26:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013-12-18 09:26:08 | 000,000,000 | ---D | C] -- C:\b173431b9b34f36d5d70
    [2013-12-17 12:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
    [2013-12-17 12:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender
    [2013-12-17 12:00:45 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
    [2013-12-17 12:00:17 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
    [2013-12-17 11:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
    [2013-12-17 11:59:26 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
    [2013-12-17 11:59:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\capicom.dll
    [2013-12-17 11:59:05 | 000,116,560 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
    [2013-12-17 11:59:05 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\bdsandboxuiskin.dll
    [2013-12-17 11:59:05 | 000,066,832 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
    [2013-12-17 11:59:05 | 000,027,168 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\bdsandboxuh.dll
    [2013-12-17 11:58:44 | 000,640,560 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
    [2013-12-17 11:58:44 | 000,490,144 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
    [2013-12-17 11:58:44 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
    [2013-12-17 11:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
    [2013-12-17 11:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
    [2013-12-17 11:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
    [2013-12-17 11:20:43 | 000,165,744 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
    [2013-12-17 11:20:33 | 000,360,376 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
    [2013-12-17 11:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2013-12-17 11:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2014-01-09 23:05:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014-01-09 21:40:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014-01-09 20:11:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2014-01-09 19:53:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2014-01-09 18:36:11 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
    [2014-01-09 16:02:59 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
    [2014-01-09 16:01:53 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\32A91A4B.sys
    [2014-01-09 09:42:42 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014-01-09 02:10:56 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
    [2014-01-09 02:10:54 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
    [2014-01-09 00:46:23 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014-01-09 00:19:36 | 000,037,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys.bak
    [2014-01-09 00:19:36 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
    [2014-01-09 00:19:35 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
    [2014-01-09 00:19:35 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
    [2014-01-09 00:19:34 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
    [2014-01-09 00:19:34 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
    [2014-01-09 00:19:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
    [2014-01-09 00:19:34 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
    [2014-01-09 00:19:34 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
    [2014-01-09 00:19:33 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
    [2014-01-09 00:19:33 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
    [2014-01-09 00:19:32 | 000,360,376 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys.bak
    [2014-01-09 00:19:32 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
    [2014-01-09 00:19:32 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
    [2014-01-09 00:19:32 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
    [2014-01-09 00:19:31 | 000,048,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
    [2014-01-09 00:19:31 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
    [2014-01-09 00:19:30 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
    [2014-01-09 00:19:30 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
    [2014-01-09 00:19:28 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys.bak
    [2014-01-09 00:19:28 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
    [2014-01-09 00:19:27 | 006,427,240 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
    [2014-01-09 00:19:26 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
    [2014-01-09 00:19:26 | 000,141,568 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
    [2014-01-09 00:19:26 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
    [2014-01-09 00:19:26 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
    [2014-01-09 00:19:26 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
    [2014-01-09 00:19:24 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
    [2014-01-09 00:19:23 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
    [2014-01-09 00:19:22 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
    [2014-01-09 00:19:22 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
    [2014-01-09 00:19:21 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
    [2014-01-09 00:19:21 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
    [2014-01-09 00:19:21 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
    [2014-01-09 00:19:20 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
    [2014-01-09 00:19:20 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
    [2014-01-09 00:19:15 | 000,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys.bak
    [2014-01-09 00:19:14 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
    [2014-01-09 00:19:14 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
    [2014-01-09 00:19:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys.bak
    [2014-01-09 00:19:14 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
    [2014-01-09 00:19:14 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
    [2014-01-09 00:19:09 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
    [2014-01-09 00:19:09 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
    [2014-01-09 00:19:08 | 000,165,744 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.bak
    [2014-01-09 00:19:08 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
    [2014-01-09 00:19:06 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
    [2014-01-09 00:19:06 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
    [2014-01-09 00:19:06 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
    [2014-01-09 00:19:06 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
    [2014-01-09 00:19:04 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
    [2014-01-09 00:19:04 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
    [2014-01-09 00:19:04 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
    [2014-01-09 00:19:03 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
    [2014-01-09 00:19:03 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
    [2014-01-09 00:19:03 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
    [2014-01-09 00:19:00 | 000,116,560 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
    [2014-01-09 00:19:00 | 000,072,704 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys.bak
    [2014-01-09 00:19:00 | 000,066,832 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys.bak
    [2014-01-09 00:18:59 | 000,490,144 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys.bak
    [2014-01-09 00:18:59 | 000,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys.bak
    [2014-01-09 00:18:58 | 000,640,560 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys.bak
    [2014-01-09 00:18:58 | 000,242,504 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys.bak
    [2014-01-09 00:18:57 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
    [2014-01-09 00:18:57 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
    [2014-01-09 00:18:57 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
    [2014-01-09 00:18:55 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
    [2014-01-09 00:18:54 | 000,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys.bak
    [2014-01-02 17:34:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014-01-01 16:14:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2013-12-30 20:02:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013-12-22 17:56:36 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\&Help and Support.lnk
    [2013-12-18 09:32:03 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Datauser_gensett.xml
    [2013-12-17 17:37:59 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
    [2013-12-17 12:00:59 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security.lnk
    [2013-12-17 12:00:58 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
    [2013-12-17 12:00:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2013-12-17 12:00:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2013-12-17 12:00:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013-12-12 03:27:05 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2014-01-09 19:53:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2014-01-09 19:53:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2014-01-09 19:41:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2014-01-09 19:41:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2014-01-09 19:41:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2014-01-09 19:41:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2014-01-09 19:41:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2014-01-02 17:34:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013-12-22 17:56:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\&Help and Support.lnk
    [2013-12-18 09:32:03 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Datauser_gensett.xml
    [2013-12-17 17:37:59 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
    [2013-12-17 12:00:59 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security.lnk
    [2013-12-17 12:00:58 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
    [2013-12-17 12:00:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
    [2013-12-17 12:00:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2013-11-14 18:40:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013-10-15 16:02:45 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\recently-used.xbel
    [2013-10-13 19:29:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2013-10-10 11:38:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013-02-15 13:13:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2013-02-15 12:48:02 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
    [2013-02-15 12:48:02 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
    [2013-02-15 12:43:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\hpothb07.tif
    [2013-02-15 12:43:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\hpothb07.dat
    [2012-08-27 17:14:17 | 000,000,113 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2012-08-27 16:24:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2012-08-27 16:24:13 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2012-08-27 16:24:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2012-08-27 16:24:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2012-08-27 16:24:13 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2012-08-27 16:24:13 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2012-08-27 16:24:13 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2012-08-27 16:24:13 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2012-08-27 16:24:13 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2012-08-27 16:24:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2012-08-27 16:24:13 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2012-08-27 16:24:13 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2012-08-27 16:24:13 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2012-08-27 16:24:13 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2012-08-27 16:24:13 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2012-08-27 16:24:13 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2012-08-27 16:24:13 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2012-08-27 16:24:13 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2012-08-27 16:24:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2012-08-03 01:21:52 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2011-01-17 19:47:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    ========== ZeroAccess Check ==========
    [2009-09-01 20:08:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
  20. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 205.213.195.70:8080
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  21. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    OTL stalled. Rebooted in safe mode. Computer still super slow.

    All processes killed
    ========== OTL ==========
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    File %SystemRoot%\System32\appmgmts.dll not found.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Error: No service named TrueSight was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service iSafeNetFilter stopped successfully!
    Service iSafeNetFilter deleted successfully!
    File C:\Program Files\iSafe\iSafeNetFilter.sys not found.
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys not found.
    Unable to set value : HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E!
    Unable to set value : HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 148480 bytes
    ->Temporary Internet Files folder emptied: 7421847 bytes
    User: All Users
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    User: HP_Administrator
    ->Temp folder emptied: 46911729 bytes
    ->Temporary Internet Files folder emptied: 9669675 bytes
    ->FireFox cache emptied: 81665099 bytes
    ->Flash cache emptied: 3092641 bytes
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8109112 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 152.00 mb
    [EMPTYJAVA]
    User: Administrator
    User: All Users
    User: Default User
    User: HP_Administrator
    User: LocalService
    User: NetworkService
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: Administrator
    User: All Users
    User: Default User
    User: HP_Administrator
    ->Flash cache emptied: 0 bytes
    User: LocalService
    User: NetworkService
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 01102014_091108

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5675.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5682.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF65C3.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF65D3.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF662E.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF668E.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7903.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7910.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RWPCOGH9\resourcespreload[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RWPCOGH9\RteFrameResources[1].htm moved successfully.
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B86OB4PH\13557[1].htm not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B86OB4PH\GFXHasherAjaxIFrame_e8u3OtQonFhEjc0Yi_3RCA2[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B86OB4PH\Messenger[1].htm moved successfully.
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\default[1].htm not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\hps-euro-w01-bold-eot[1].eot moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\hps-euro-w01-regular-eot[1].eot moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\regular[1].eot moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\semibold[1].eot moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\xmlProxy[1].htm moved successfully.
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\flextag[1].htm not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\GFXHasherVerification[1].htm not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\home[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\light[1].eot moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\outlook[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\swe-iframe[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\tracking-iframe[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\xmlProxy[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\xmlProxy[2].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\xmlProxy[3].htm moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  22. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Results of screen317's Security Check version 0.99.78
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Bitdefender Total Security
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Adobe Flash Player 11.8.800.168
    Adobe Reader XI
    Mozilla Firefox (26.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender vsserv.exe
    Bitdefender Bitdefender updatesrv.exe
    Bitdefender Bitdefender SafeBox safeboxservice.exe
    Bitdefender Bitdefender bdagent.exe
    Bitdefender Bitdefender pmbxag.exe
    Bitdefender Bitdefender bdapppassmgr.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 0%
    ````````````````````End of Log``````````````````````
  23. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Results of screen317's Security Check version 0.99.78
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Bitdefender Total Security
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Adobe Flash Player 11.8.800.168
    Adobe Reader XI
    Mozilla Firefox (26.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender vsserv.exe
    Bitdefender Bitdefender updatesrv.exe
    Bitdefender Bitdefender SafeBox safeboxservice.exe
    Bitdefender Bitdefender bdagent.exe
    Bitdefender Bitdefender pmbxag.exe
    Bitdefender Bitdefender bdapppassmgr.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 0%
    ````````````````````End of Log``````````````````````
  24. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Oops. Farbar this time...

    Farbar Service Scanner Version: 08-01-2014
    Ran by HP_Administrator (administrator) on 10-01-2014 at 09:43:05
    Running from "C:\Documents and Settings\HP_Administrator\My Documents\Downloads"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    bdftdif(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0700000004000000030000000900000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
  25. dmcneil35

    dmcneil35 Newcomer, in training Topic Starter Posts: 63

    Ran TFP and it got hung up trying to close applications - I think Firefox. Computer froze and I couldn't close programs (Firefox or TFP). Control-Alt-Delete was non-responsive. I turned off the computer at the switch, rebooted and reran TFP, this time with no applications open. At time of writing it hung up again at "stopping running processes". I have just left it.

    I will await further instruction and post if it gets itself unstuck.

