Solved Lolipop etc

[dmcneil35]

Hi,

Happy new year.

I had the lolipop thingy on my computer. It was removed (I think) with bitdefender. I'd like to make sure no other viruses etc are on my machine. My computer works. But is slow.

2 dds and logs follow. The other log in the next post

thanks

David


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by HP_Administrator at 19:48:49 on 2014-01-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.88 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
c:\program files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = 205.213.195.70:8080
uProxyOverride = <local>
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdatePRCShortCut] "c:\windows\sminst\muitransfer\muistartmenu.exe" "c:\windows\sminst" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Reminder] c:\windows\sminst\Reminder.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294355956989
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{58760A3C-BCCF-45D9-A72D-281595A5B161} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zh89uc04.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zh89uc04.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\bitdefender\bitdefender\npcomm.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-11-28 16:42; ffpwdman@bitdefender.com; c:\program files\bitdefender\bitdefender\ffpwdman
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-12-17 640560]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-12-17 165744]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-12-17 72704]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-2 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-2 701512]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2013-12-17 81704]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-12-17 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-12-17 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-12-17 490144]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-12-17 116560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-2 22856]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2009-3-27 588032]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\isafe\isafenetfilter.sys --> c:\program files\isafe\iSafeNetFilter.sys [?]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-12-17 66832]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-12-17 69880]
.
=============== Created Last 30 ================
.
2014-01-02 22:49:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-02 22:35:05 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2014-01-02 22:34:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-01-02 22:34:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-02 22:34:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-18 14:26:08 -------- d-----w- C:\b173431b9b34f36d5d70
2013-12-17 17:07:10 1942232 ----a-w- c:\documents and settings\all users\application data\1387297222.bdinstall.bin
2013-12-17 17:00:45 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-12-17 17:00:17 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-12-17 16:59:58 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2013-12-17 16:59:26 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-12-17 16:59:05 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2013-12-17 16:59:05 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-12-17 16:59:05 511328 ----a-w- c:\windows\capicom.dll
2013-12-17 16:59:05 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2013-12-17 16:59:05 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-12-17 16:58:44 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-12-17 16:58:44 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-12-17 16:58:44 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-12-17 16:30:34 -------- d-----w- c:\documents and settings\hp_administrator\application data\Bitdefender
2013-12-17 16:28:08 -------- d-----w- c:\documents and settings\hp_administrator\application data\QuickScan
2013-12-17 16:20:45 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2013-12-17 16:20:43 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-12-17 16:20:33 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-12-17 16:20:33 -------- d-----w- c:\program files\Bitdefender
2013-12-17 16:13:45 -------- d-----w- c:\program files\common files\Bitdefender
2013-12-10 04:02:40 -------- d-----w- c:\documents and settings\hp_administrator\application data\eCyber
2013-12-09 23:18:52 -------- d-----w- c:\program files\Lightspark 0.5.3-git
2013-12-09 23:17:29 -------- d-----w- c:\documents and settings\hp_administrator\.android
2013-12-09 23:17:27 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\cache
2013-12-09 23:17:15 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\genienext
2013-12-09 23:17:13 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Mobogenie
2013-12-09 23:17:12 -------- d-----w- c:\program files\AmiExt
2013-12-09 23:15:59 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\RegistryDR
2013-12-09 23:15:52 -------- d-----w- c:\program files\Mobogenie
2013-12-09 23:15:45 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-12-09 23:15:32 -------- d-----w- c:\program files\Registry Dr
2013-12-09 23:14:57 -------- d-----w- c:\documents and settings\hp_administrator\application data\iSafe
2013-12-09 23:14:14 -------- d-----w- c:\program files\MyPC Backup
2013-12-09 23:11:53 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Lollipop
2013-12-06 01:19:33 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-06 01:19:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-11-13 02:59:42 150528 ------w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ------w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-15 21:26:22 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 19:51:26,01 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-01-06 19:36:05
System Uptime: 2014-01-02 19:12:56 (0 hours ago)
.
Motherboard: FOXCONN | | CALI
Processor: Intel(R) Atom(TM) CPU 230 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 78,713 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0,423 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:
.
==== System Restore Points ===================
.
RP894: 2013-10-05 01:29:51 - System Checkpoint
RP895: 2013-10-06 02:29:57 - System Checkpoint
RP896: 2013-10-07 03:21:05 - System Checkpoint
RP897: 2013-10-08 11:34:00 - System Checkpoint
RP898: 2013-10-09 12:08:38 - System Checkpoint
RP899: 2013-10-10 13:18:11 - System Checkpoint
RP900: 2013-10-11 14:13:55 - System Checkpoint
RP901: 2013-10-12 14:15:00 - System Checkpoint
RP902: 2013-10-13 15:13:55 - System Checkpoint
RP903: 2013-10-14 15:26:25 - System Checkpoint
RP904: 2013-10-15 16:13:29 - System Checkpoint
RP905: 2013-10-15 16:40:41 - Installed GTA San Andreas
RP906: 2013-10-15 16:59:27 - Installed GTA San Andreas
RP907: 2013-10-15 17:27:18 - Installed GTA San Andreas
RP908: 2013-10-15 18:01:05 - Installed GTA San Andreas
RP909: 2013-10-16 18:13:55 - System Checkpoint
RP910: 2013-10-17 19:13:57 - System Checkpoint
RP911: 2013-10-22 22:01:34 - System Checkpoint
RP912: 2013-10-23 23:36:31 - System Checkpoint
RP913: 2013-10-24 23:45:43 - System Checkpoint
RP914: 2013-10-26 00:45:45 - System Checkpoint
RP915: 2013-10-27 02:19:34 - System Checkpoint
RP916: 2013-10-28 02:45:45 - System Checkpoint
RP917: 2013-10-29 03:28:10 - System Checkpoint
RP918: 2013-10-30 22:29:54 - System Checkpoint
RP919: 2013-11-01 05:03:30 - System Checkpoint
RP920: 2013-11-03 15:52:24 - System Checkpoint
RP921: 2013-11-04 16:40:47 - System Checkpoint
RP922: 2013-11-05 16:59:52 - System Checkpoint
RP923: 2013-11-07 01:36:55 - System Checkpoint
RP924: 2013-11-08 01:37:05 - System Checkpoint
RP925: 2013-11-11 17:21:52 - System Checkpoint
RP926: 2009-03-27 02:45:02 - System Checkpoint
RP927: 2009-03-27 01:53:28 - System Checkpoint
RP928: 2013-11-13 17:25:55 - System Checkpoint
RP929: 2013-11-14 01:30:42 - Software Distribution Service 3.0
RP930: 2013-11-15 01:38:50 - Software Distribution Service 3.0
RP931: 2013-11-16 13:34:14 - Software Distribution Service 3.0
RP932: 2013-11-17 03:00:59 - Software Distribution Service 3.0
RP933: 2013-11-18 01:12:16 - Software Distribution Service 3.0
RP934: 2013-11-19 02:21:55 - System Checkpoint
RP935: 2013-11-20 03:13:51 - System Checkpoint
RP936: 2013-11-21 11:10:38 - System Checkpoint
RP937: 2013-11-22 11:26:45 - System Checkpoint
RP938: 2013-11-23 15:28:49 - System Checkpoint
RP939: 2013-11-24 16:34:18 - System Checkpoint
RP940: 2013-11-25 20:16:08 - System Checkpoint
RP941: 2013-11-26 21:11:58 - System Checkpoint
RP942: 2013-11-27 22:00:25 - System Checkpoint
RP943: 2013-11-29 19:40:02 - System Checkpoint
RP944: 2013-11-30 22:44:34 - System Checkpoint
RP945: 2013-12-01 23:29:09 - System Checkpoint
RP946: 2013-12-03 00:45:27 - System Checkpoint
RP947: 2013-12-04 03:12:29 - System Checkpoint
RP948: 2013-12-05 03:44:47 - System Checkpoint
RP949: 2013-12-05 20:13:48 - Installed Java 7 Update 45
RP950: 2013-12-06 23:31:28 - System Checkpoint
RP951: 2013-12-08 00:31:12 - System Checkpoint
RP952: 2013-12-09 01:30:43 - System Checkpoint
RP953: 2013-12-10 17:52:01 - System Checkpoint
RP954: 2013-12-10 21:28:49 - Removed Ask Toolbar.
RP955: 2013-12-10 21:30:41 - Removed Ask Toolbar.
RP956: 2013-12-10 22:47:52 - Supprimé Bonjour
RP957: 2013-12-10 23:31:31 - Removed Registry Dr
RP958: 2013-12-10 23:37:47 - Supprimé QuickTime
RP959: 2013-12-12 00:11:03 - System Checkpoint
RP960: 2013-12-12 03:01:21 - Software Distribution Service 3.0
RP961: 2013-12-13 03:34:19 - System Checkpoint
RP962: 2013-12-14 03:00:21 - Software Distribution Service 3.0
RP963: 2013-12-15 03:37:31 - System Checkpoint
RP964: 2013-12-16 03:57:39 - System Checkpoint
RP965: 2013-12-17 12:00:45 - Installed Windows XP Wdf01009.
RP966: 2013-12-18 09:26:03 - Software Distribution Service 3.0
RP967: 2013-12-19 10:45:47 - System Checkpoint
RP968: 2013-12-20 12:41:31 - System Checkpoint
RP969: 2013-12-21 14:01:10 - System Checkpoint
RP970: 2013-12-22 14:43:19 - System Checkpoint
RP971: 2013-12-23 17:00:11 - System Checkpoint
RP972: 2013-12-28 21:51:04 - System Checkpoint
RP973: 2013-12-29 22:18:56 - System Checkpoint
RP974: 2013-12-31 13:40:44 - System Checkpoint
RP975: 2014-01-01 13:56:26 - System Checkpoint
RP976: 2014-01-02 15:57:38 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bitdefender Total Security
DivX Setup
Dropbox
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series
ImageMixer 3 SE Ver.4.5 Transfer Utility
ImageMixer 3 SE Ver.4.5 Video Tools
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 45
Java Auto Updater
Lightspark 0.5.3-git
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Music Transfer Utility Ver.1.5
PowerRecover
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SILKYPIX Developer Studio 3.0 SE
Skype Click to Call
Skype™ 6.7
StudioTax 2012
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2013-12-29 00:24:29, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2013-12-28 21:07:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iSafeNetFilter SRTSP SRTSPX
2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ACDaemon service.
2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
2013-12-28 21:07:45, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
.

 

[dmcneil35]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-01-06 19:36:05
System Uptime: 2014-01-02 19:12:56 (0 hours ago)
.
Motherboard: FOXCONN | | CALI
Processor: Intel(R) Atom(TM) CPU 230 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 78,713 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0,423 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:
.
==== System Restore Points ===================
.
RP894: 2013-10-05 01:29:51 - System Checkpoint
RP895: 2013-10-06 02:29:57 - System Checkpoint
RP896: 2013-10-07 03:21:05 - System Checkpoint
RP897: 2013-10-08 11:34:00 - System Checkpoint
RP898: 2013-10-09 12:08:38 - System Checkpoint
RP899: 2013-10-10 13:18:11 - System Checkpoint
RP900: 2013-10-11 14:13:55 - System Checkpoint
RP901: 2013-10-12 14:15:00 - System Checkpoint
RP902: 2013-10-13 15:13:55 - System Checkpoint
RP903: 2013-10-14 15:26:25 - System Checkpoint
RP904: 2013-10-15 16:13:29 - System Checkpoint
RP905: 2013-10-15 16:40:41 - Installed GTA San Andreas
RP906: 2013-10-15 16:59:27 - Installed GTA San Andreas
RP907: 2013-10-15 17:27:18 - Installed GTA San Andreas
RP908: 2013-10-15 18:01:05 - Installed GTA San Andreas
RP909: 2013-10-16 18:13:55 - System Checkpoint
RP910: 2013-10-17 19:13:57 - System Checkpoint
RP911: 2013-10-22 22:01:34 - System Checkpoint
RP912: 2013-10-23 23:36:31 - System Checkpoint
RP913: 2013-10-24 23:45:43 - System Checkpoint
RP914: 2013-10-26 00:45:45 - System Checkpoint
RP915: 2013-10-27 02:19:34 - System Checkpoint
RP916: 2013-10-28 02:45:45 - System Checkpoint
RP917: 2013-10-29 03:28:10 - System Checkpoint
RP918: 2013-10-30 22:29:54 - System Checkpoint
RP919: 2013-11-01 05:03:30 - System Checkpoint
RP920: 2013-11-03 15:52:24 - System Checkpoint
RP921: 2013-11-04 16:40:47 - System Checkpoint
RP922: 2013-11-05 16:59:52 - System Checkpoint
RP923: 2013-11-07 01:36:55 - System Checkpoint
RP924: 2013-11-08 01:37:05 - System Checkpoint
RP925: 2013-11-11 17:21:52 - System Checkpoint
RP926: 2009-03-27 02:45:02 - System Checkpoint
RP927: 2009-03-27 01:53:28 - System Checkpoint
RP928: 2013-11-13 17:25:55 - System Checkpoint
RP929: 2013-11-14 01:30:42 - Software Distribution Service 3.0
RP930: 2013-11-15 01:38:50 - Software Distribution Service 3.0
RP931: 2013-11-16 13:34:14 - Software Distribution Service 3.0
RP932: 2013-11-17 03:00:59 - Software Distribution Service 3.0
RP933: 2013-11-18 01:12:16 - Software Distribution Service 3.0
RP934: 2013-11-19 02:21:55 - System Checkpoint
RP935: 2013-11-20 03:13:51 - System Checkpoint
RP936: 2013-11-21 11:10:38 - System Checkpoint
RP937: 2013-11-22 11:26:45 - System Checkpoint
RP938: 2013-11-23 15:28:49 - System Checkpoint
RP939: 2013-11-24 16:34:18 - System Checkpoint
RP940: 2013-11-25 20:16:08 - System Checkpoint
RP941: 2013-11-26 21:11:58 - System Checkpoint
RP942: 2013-11-27 22:00:25 - System Checkpoint
RP943: 2013-11-29 19:40:02 - System Checkpoint
RP944: 2013-11-30 22:44:34 - System Checkpoint
RP945: 2013-12-01 23:29:09 - System Checkpoint
RP946: 2013-12-03 00:45:27 - System Checkpoint
RP947: 2013-12-04 03:12:29 - System Checkpoint
RP948: 2013-12-05 03:44:47 - System Checkpoint
RP949: 2013-12-05 20:13:48 - Installed Java 7 Update 45
RP950: 2013-12-06 23:31:28 - System Checkpoint
RP951: 2013-12-08 00:31:12 - System Checkpoint
RP952: 2013-12-09 01:30:43 - System Checkpoint
RP953: 2013-12-10 17:52:01 - System Checkpoint
RP954: 2013-12-10 21:28:49 - Removed Ask Toolbar.
RP955: 2013-12-10 21:30:41 - Removed Ask Toolbar.
RP956: 2013-12-10 22:47:52 - Supprimé Bonjour
RP957: 2013-12-10 23:31:31 - Removed Registry Dr
RP958: 2013-12-10 23:37:47 - Supprimé QuickTime
RP959: 2013-12-12 00:11:03 - System Checkpoint
RP960: 2013-12-12 03:01:21 - Software Distribution Service 3.0
RP961: 2013-12-13 03:34:19 - System Checkpoint
RP962: 2013-12-14 03:00:21 - Software Distribution Service 3.0
RP963: 2013-12-15 03:37:31 - System Checkpoint
RP964: 2013-12-16 03:57:39 - System Checkpoint
RP965: 2013-12-17 12:00:45 - Installed Windows XP Wdf01009.
RP966: 2013-12-18 09:26:03 - Software Distribution Service 3.0
RP967: 2013-12-19 10:45:47 - System Checkpoint
RP968: 2013-12-20 12:41:31 - System Checkpoint
RP969: 2013-12-21 14:01:10 - System Checkpoint
RP970: 2013-12-22 14:43:19 - System Checkpoint
RP971: 2013-12-23 17:00:11 - System Checkpoint
RP972: 2013-12-28 21:51:04 - System Checkpoint
RP973: 2013-12-29 22:18:56 - System Checkpoint
RP974: 2013-12-31 13:40:44 - System Checkpoint
RP975: 2014-01-01 13:56:26 - System Checkpoint
RP976: 2014-01-02 15:57:38 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Bitdefender Total Security
DivX Setup
Dropbox
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series
ImageMixer 3 SE Ver.4.5 Transfer Utility
ImageMixer 3 SE Ver.4.5 Video Tools
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 45
Java Auto Updater
Lightspark 0.5.3-git
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Music Transfer Utility Ver.1.5
PowerRecover
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SILKYPIX Developer Studio 3.0 SE
Skype Click to Call
Skype™ 6.7
StudioTax 2012
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2013-12-29 00:24:29, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2013-12-28 21:07:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iSafeNetFilter SRTSP SRTSPX
2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ACDaemon service.
2013-12-28 21:07:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
2013-12-28 21:07:45, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

 

[Broni]

Somehow I missed this topic.

Let me know if you still need help.

If so I still need MBAM log.

 

[dmcneil35]

Yes still need help thanks. will post the log tomorrow

 

[dmcneil35]

Computer is really slow. lots of "processes" running in the backgroup. CPU at 100% sometimes (not that I have any idea what that means).

An automatic update is installing "windows malicious software removal tool" as I write

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-06CE742A84 [administrator]

Protection: Enabled

2014-01-02 18:23:35
mbam-log-2014-01-02 (18-23-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209551
Time elapsed: 34 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5} (PUP.Optional.GreyGray.A) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Documents and Settings\HP_Administrator\Application Data\SwvUpdater (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 41
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\PublicTransportSetup(2).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\FlashPlayersetup__3873_i184360526_il7.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\VLC_32.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fEBundle28-11-2013.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pricepeep_270015_0101.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\GreyGraySetup.exe (PUP.Optional.Greygray.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\I.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)

 

[Broni]

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[dmcneil35]

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Remove -- Date : 01/09/2014 00:22:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
--- User ---
[MBR] 92885f1e005d6159b6e5586c7898bb4c
[BSP] 5c7cde0c6172719c584d81923a880ddf : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142599 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292061184 | Size: 10018 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01092014_002226.txt >>
RKreport[0]_D_01062014_181239.txt;RKreport[0]_S_01062014_181202.txt;RKreport[0]_S_01092014_001940.txt

 

[dmcneil35]

And 2 RK reports from Dec 6th. I ran RK at that time. it seemed to delete a bunch of stuff. the computer has been working a little better since then. but still v slow

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 01/06/2014 18:12:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : UpdatePRCShortCut ("C:\Windows\SMINST\MUITransfer\MUIStartMenu.exe" "C:\Windows\SMINST" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [7][-][x][x]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (205.213.195.70:8080 [Country: , City: ]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
--- User ---
[MBR] 92885f1e005d6159b6e5586c7898bb4c
[BSP] 5c7cde0c6172719c584d81923a880ddf : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142599 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292061184 | Size: 10018 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01062014_181202.txt >>


RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Remove -- Date : 01/06/2014 18:12:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : UpdatePRCShortCut ("C:\Windows\SMINST\MUITransfer\MUIStartMenu.exe" "C:\Windows\SMINST" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [7][-][x][x]) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160318AS +++++
--- User ---
[MBR] 92885f1e005d6159b6e5586c7898bb4c
[BSP] 5c7cde0c6172719c584d81923a880ddf : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142599 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292061184 | Size: 10018 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01062014_181239.txt >>
RKreport[0]_S_01062014_181202.txt

 

[dmcneil35]

Two MBAR logs follow.

second time I scanned it said: nothing found, no cleaning needed

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.09.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-06CE742A84 [administrator]

2014-01-09 16:03:23
mbar-log-2014-01-09 (16-03-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 214442
Time elapsed: 36 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1064546304, free: 95145984

Downloaded database version: v2014.01.08.07
Downloaded database version: v2013.12.18.01
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1064546304, free: 131604480

Could not load protection driver
Downloaded database version: v2014.01.09.04
Downloaded database version: v2013.12.18.01
=======================================
------------ Kernel report ------------
01/09/2014 09:42:46
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
trufos.sys
\WINDOWS\system32\DRIVERS\FLTMGR.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
sr.sys
avc3.sys
gzflt.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Serial.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\bdvedisk.sys
\??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8499b6b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000075\
Lower Device Object: 0xffffffff849a3600
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8652bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8658d940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8657b8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86580520, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8658d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A784A533

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 292043587
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 292061184 Numsec = 20516864

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff849a8470, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff849a3600, DeviceName: \Device\00000075\, DriverName: \Driver\usbstor\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1064546304, free: 201809920

Downloaded database version: v2014.01.09.05
Downloaded database version: v2014.01.09.06
Downloaded database version: v2014.01.09.07
Initializing...
======================
------------ Kernel report ------------
01/09/2014 16:03:01
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
trufos.sys
\WINDOWS\system32\DRIVERS\FLTMGR.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
sr.sys
avc3.sys
gzflt.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Serial.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\bdvedisk.sys
\??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\48230029.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8499b6b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000075\
Lower Device Object: 0xffffffff849a3600
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8652bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8658d940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8657b8f0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8652bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86580520, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8658d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A784A533

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 292043587
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 292061184 Numsec = 20516864

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff849a8470, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8499b6b0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff849a3600, DeviceName: \Device\00000075\, DriverName: \Driver\usbstor\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[dmcneil35]

Computer still v slow. I get this weird voice advert when I open firefox. somthing about taking a survey

-----
ComboFix 14-01-08.03 - HP_Administrator 2014-01-09 19:59:53.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.309 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1387297222.bdinstall.bin
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\lollipop
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\GreyGray_iels
c:\documents and settings\HP_Administrator\My Documents\~WRL0491.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL2327.tmp
c:\documents and settings\HP_Administrator\Recent\hpothb07.dat
c:\documents and settings\HP_Administrator\Recent\hpothb07.tif
.
.
((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))
.
.
2014-01-09 21:02 . 2014-01-09 21:02 104664 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-01-09 21:01 . 2014-01-09 21:01 51416 ----a-w- c:\windows\system32\drivers\32A91A4B.sys
2014-01-09 14:42 . 2014-01-09 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-09 14:42 . 2014-01-09 14:42 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-09 05:46 . 2014-01-09 05:46 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-08 15:20 . 2014-01-08 15:20 -------- d-----w- c:\windows\system32\MRT
2014-01-05 22:58 . 2014-01-05 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\bdch
2014-01-02 22:35 . 2014-01-02 22:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2014-01-02 22:34 . 2014-01-02 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-02 22:34 . 2014-01-02 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-02 22:34 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-18 14:26 . 2013-12-18 14:26 -------- d-----w- C:\b173431b9b34f36d5d70
2013-12-17 22:37 . 2013-12-17 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Bitdefender
2013-12-17 22:37 . 2013-12-17 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2013-12-17 17:08 . 2013-12-17 17:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2013-12-17 17:00 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-12-17 17:00 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-12-17 16:59 . 2013-12-17 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2013-12-17 16:59 . 2012-04-17 18:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-12-17 16:59 . 2013-11-04 20:47 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-12-17 16:59 . 2013-11-04 20:47 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2013-12-17 16:59 . 2013-11-04 20:46 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2013-12-17 16:59 . 2013-02-22 23:46 116560 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2013-12-17 16:59 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
2013-12-17 16:58 . 2013-07-19 22:06 490144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-12-17 16:58 . 2013-07-19 22:03 640560 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-12-17 16:58 . 2012-11-02 18:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-12-17 16:30 . 2013-12-17 22:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Bitdefender
2013-12-17 16:28 . 2013-12-17 16:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\QuickScan
2013-12-17 16:20 . 2013-12-17 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2013-12-17 16:20 . 2013-08-23 17:48 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-12-17 16:20 . 2013-12-17 16:30 -------- d-----w- c:\program files\Bitdefender
2013-12-17 16:20 . 2013-08-07 17:46 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-12-17 16:13 . 2013-12-17 16:20 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-12-11 03:13 . 2013-12-11 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 05:19 . 2014-01-06 23:11 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak
2014-01-09 05:19 . 2014-01-06 23:11 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 37608 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 444136 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 360376 ----a-w- c:\windows\system32\drivers\trufos.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 48512 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 588032 ----a-w- c:\windows\system32\drivers\RTL8192su.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 6427240 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 141568 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 69120 ----a-w- c:\windows\system32\drivers\psched.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 35840 ----a-w- c:\windows\system32\drivers\processr.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 17792 ----a-w- c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 146048 ----a-w- c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 68224 ----a-w- c:\windows\system32\drivers\pci.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 6784 ----a-w- c:\windows\system32\drivers\parvdm.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 3328 ----a-w- c:\windows\system32\drivers\pciide.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 80128 ----a-w- c:\windows\system32\drivers\parport.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 42752 ----a-w- c:\windows\system32\drivers\p3.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 63232 ----a-w- c:\windows\system32\drivers\nwlnknb.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 55936 ----a-w- c:\windows\system32\drivers\nwlnkspx.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 32512 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 2944 ----a-w- c:\windows\system32\drivers\null.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 12416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys.bak
2014-01-09 05:19 . 2014-01-06 23:11 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 19:58 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-17 477736]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-17 612696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-26 166424]
"Reminder"="c:\windows\SMINST\Reminder.exe" [2009-07-23 1959208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-12-17 1834240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"(A0)"="c:\documents and settings\HP_Administrator\Desktop\mbar\mbar.exe" [2013-11-19 1175352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-12-17 477736]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-12-17 898512]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2013-12-17 612696]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2014-1-2 30714328]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-12-2 406896]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2012-8-27 40960]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 16:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-12-17 640560]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-12-17 165744]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2013-12-17 72704]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-01-02 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2014-01-02 701512]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-12-17 81704]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [2013-12-17 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-12-17 242504]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [2013-12-17 116560]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-01-09 51416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-01-02 22856]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2009-03-27 588032]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-12-17 490144]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-12-17 66832]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-12-17 69880]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 20:05]
.
2013-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 205.213.195.70:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-28 16:42; ffpwdman@bitdefender.com; c:\program files\Bitdefender\Bitdefender\ffpwdman
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-09 20:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\igfxdev.dll
.
Completion time: 2014-01-09 20:15:58
ComboFix-quarantined-files.txt 2014-01-10 01:15
.
Pre-Run: 84 177 145 856 bytes free
Post-Run: 91 079 311 360 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E2AFF36165855406A2DD809F8B1BD2DC
2947C7A174342A9DFF3C607CC5E4CAF4

 

[Broni]

What exactly is slow?

Is Firefox the only browser affected by ads?

You have some Norton's leftovers. Run this tool to remove them: http://www.majorgeeks.com/files/details/norton_removal_tool.html

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[dmcneil35]

Programs open slowly. even typing has a delay. I opened internet explorer to check the voice add thing and nothing happened. but IE reports "working off line" ??

proceeding to assigned tasks

 

[dmcneil35]

Firefox taking forever to load. but no more audio ad

# AdwCleaner v3.016 - Report created 09/01/2014 at 21:03:47
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - YOUR-06CE742A84
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\iSafe
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\iSafe
Folder Deleted : C:\Documents and Settings\HP_Administrator\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\Smartbar
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\CT2801948
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
File Deleted : C:\END
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\searchplugins\bingp.xml
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\prefs.js ]

Line Deleted : user_pref("CT2801948.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT2801948.1000082.muteState", "off");
Line Deleted : user_pref("CT2801948.1000082.shrinkState", "expanded");
Line Deleted : user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Quebec - ...\",\"description\":\"Quebec - CBC Radio One\",\"url\":\"hxxp://origin.www.cbc.ca/mrl2/livemedia/cbcr1-quebeccity.asx[...]
Line Deleted : user_pref("CT2801948.1000234.TWC_TMP_city", "MONTREAL");
Line Deleted : user_pref("CT2801948.1000234.TWC_TMP_country", "CA");
Line Deleted : user_pref("CT2801948.1000234.TWC_locId", "CAXX0301");
Line Deleted : user_pref("CT2801948.1000234.TWC_location", "Montreal, Canada");
Line Deleted : user_pref("CT2801948.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT2801948.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT2801948.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT2801948.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"4°C\",\"temperatureClear\":\"4°C\",\"highTemperature\":\"1°C\",\"lowTemperature\":\"-2°C\",\"feelsLike\":\"1°C\",\"co[...]
Line Deleted : user_pref("CT2801948.129343840936544328.APP_WIN_FEATURES", "hscroll=1,vscroll=1,saveresizedsize=0,resizable=yes,titlebar=yes,closeonexternalclick=no,savelocation=no,openposition=center");
Line Deleted : user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.Facebook_Mode", "2");
Line Deleted : user_pref("CT2801948.FirstTime", "true");
Line Deleted : user_pref("CT2801948.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");
Line Deleted : user_pref("CT2801948.UserID", "UN28148528763935354");
Line Deleted : user_pref("CT2801948.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2801948.autoDisableScopes", -1);
Line Deleted : user_pref("CT2801948.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2801948.defaultSearch", "true");
Line Deleted : user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2801948.enableAlerts", "always");
Line Deleted : user_pref("CT2801948.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2801948.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2801948.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2801948.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2801948.fixUrls", true);
Line Deleted : user_pref("CT2801948.hxxp___pinterest_aot_im.isEnabled", "Y");
Line Deleted : user_pref("CT2801948.installId", "toolbarinstall.exe");
Line Deleted : user_pref("CT2801948.installType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.isNewTabEnabled", true);
Line Deleted : user_pref("CT2801948.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2801948.keyword", true);
Line Deleted : user_pref("CT2801948.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Faccounts.google.com%2FServiceLogin%3Fservice%3Dmail%26passive%3Dtrue%26rm%3Dfalse%26continu[...]
Line Deleted : user_pref("CT2801948.openThankYouPage", "false");
Line Deleted : user_pref("CT2801948.openUninstallPage", "true");
Line Deleted : user_pref("CT2801948.search.searchAppId", "129306881621438061");
Line Deleted : user_pref("CT2801948.search.searchCount", "2");
Line Deleted : user_pref("CT2801948.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801948\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHEN.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354470294377");
Line Deleted : user_pref("CT2801948.serviceLayer_services_appTracking_lastUpdate", "1344365855056");
Line Deleted : user_pref("CT2801948.serviceLayer_services_appsMetadata_lastUpdate", "1354484068051");
Line Deleted : user_pref("CT2801948.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353944761960");
Line Deleted : user_pref("CT2801948.serviceLayer_services_login_10.10.20.14_lastUpdate", "1354513498348");
Line Deleted : user_pref("CT2801948.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353944762113");
Line Deleted : user_pref("CT2801948.serviceLayer_services_searchAPI_lastUpdate", "1354487669844");
Line Deleted : user_pref("CT2801948.serviceLayer_services_serviceMap_lastUpdate", "1354487668680");
Line Deleted : user_pref("CT2801948.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353944761814");
Line Deleted : user_pref("CT2801948.serviceLayer_services_toolbarSettings_lastUpdate", "1354513497823");
Line Deleted : user_pref("CT2801948.serviceLayer_services_translation_lastUpdate", "1354487668843");
Line Deleted : user_pref("CT2801948.settingsINI", true);
Line Deleted : user_pref("CT2801948.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2801948.smartbar.CTID", "CT2801948");
Line Deleted : user_pref("CT2801948.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2801948.smartbar.homepage", true);
Line Deleted : user_pref("CT2801948.smartbar.isHidden", true);
Line Deleted : user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
Line Deleted : user_pref("CT2801948.toolbarBornServerTime", "28-7-2012");
Line Deleted : user_pref("CT2801948.toolbarCurrentServerTime", "3-12-2012");
Line Deleted : user_pref("CT2801948.twitter_v1.8.0_twitter_app_open_t_f", "false");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "NCH EN Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2801948");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=");

*************************

AdwCleaner[R0].txt - [11548 octets] - [09/01/2014 21:01:49]
AdwCleaner[S0].txt - [11738 octets] - [09/01/2014 21:03:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11799 octets] ##########

 

[dmcneil35]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on 2014-01-09 at 22:10:28,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\HP_Administrator\Application Data\mozilla\firefox\profiles\zh89uc04.default\smartbar
Successfully deleted the following from C:\Documents and Settings\HP_Administrator\Application Data\mozilla\firefox\profiles\zh89uc04.default\prefs.js

user_pref("CT2801948.FirstTime", "true");
user_pref("CT2801948.FirstTimeFF3", "true");
user_pref("CT2801948.UserID", "UN02354392670524963");
user_pref("CT2801948.fullUserID", "UN02354392670524963.XP.20140109215645");
user_pref("CT2801948.isCheckedStartAsHidden", true);
user_pref("CT2801948.lastVersion", "10.23.0.822");
user_pref("CT2801948.settingsINI", true);
user_pref("CT2801948.smartbar.CTID", "CT2801948");
user_pref("CT2801948.smartbar.Uninstall", "0");
user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
user_pref("CT2801948.userIdGenerationCounter", "1");
user_pref("CT2801948_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389322871636,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.machineId", "D6G33JP9HADOI/5IILLH/T/BKTVOXIYXRJ0BTBIX71MBP1MYU/I9AKB1+/ZD7XHYM7OED7KXPEVPJ12ACZEHVW");
Emptied folder: C:\Documents and Settings\HP_Administrator\Application Data\mozilla\firefox\profiles\zh89uc04.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-01-09 at 22:29:45,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[dmcneil35]

OTL Extras logfile created on: 2014-01-09 22:46:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
1015,23 Mb Total Physical Memory | 514,71 Mb Available Physical Memory | 50,70% Memory free
2,38 Gb Paging File | 1,58 Gb Available in Paging File | 66,07% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,26 Gb Total Space | 84,70 Gb Free Space | 60,82% Space Free | Partition Type: NTFS
Drive D: | 9,78 Gb Total Space | 0,42 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Computer Name: YOUR-06CE742A84 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- c:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*isabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 45
"{28C7E8E5-F0E4-4CF3-A823-AD49BFF4DE9A}" = ImageMixer 3 SE Ver.4.5 Video Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4028A420-8CB5-4F9C-B698-6EBA5491256D}" = ImageMixer 3 SE Ver.4.5 Transfer Utility
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65AC648B-9559-4C54-8ED3-B04A10C0FB8D}" = StudioTax 2012
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87E6A443-536D-4047-AAC9-40947FC3333A}" = Music Transfer Utility Ver.1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bitdefender" = Bitdefender Total Security
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"Lightspark" = Lightspark 0.5.3-git
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2013-12-07 04:32:00 | Computer Name = YOUR-06CE742A84 | Source = Bonjour Service | ID = 100
Description =
Error - 2013-12-07 04:32:00 | Computer Name = YOUR-06CE742A84 | Source = Bonjour Service | ID = 100
Description =
Error - 2013-12-07 04:32:00 | Computer Name = YOUR-06CE742A84 | Source = Bonjour Service | ID = 100
Description =
Error - 2013-12-08 05:27:12 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module
acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Error - 2013-12-09 16:44:19 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module
acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Error - 2013-12-09 23:56:36 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
Description = Faulting application acdaemon.exe, version 1.1.0.49, faulting module
acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Error - 2013-12-09 23:58:11 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1001
Description = Fault bucket -2109233358.
Error - 2013-12-10 00:02:31 | Computer Name = YOUR-06CE742A84 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 25.0.1.5064, faulting
module mozalloc.dll, version 25.0.1.5064, fault address 0x0000119c.
Error - 2014-01-07 00:41:40 | Computer Name = YOUR-06CE742A84 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 2014-01-07 00:41:40 | Computer Name = YOUR-06CE742A84 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ OSession Events ]
Error - 2013-04-05 03:00:27 | Computer Name = YOUR-06CE742A84 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 123190
seconds with 12060 seconds of active time. This session ended with a crash.
Error - 2013-05-20 03:52:57 | Computer Name = YOUR-06CE742A84 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10087
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2013-08-11 03:31:08 | Computer Name = YOUR-06CE742A84 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 137541
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2014-01-08 18:40:42 | Computer Name = YOUR-06CE742A84 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address D8FEE32FC5B4. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 2014-01-09 01:56:15 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).
Error - 2014-01-09 01:56:21 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).
Error - 2014-01-09 02:49:31 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3
Error - 2014-01-09 02:49:33 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iSafeNetFilter SRTSP SRTSPX
Error - 2014-01-09 10:13:23 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3
Error - 2014-01-09 10:13:23 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iSafeNetFilter SRTSP SRTSPX
Error - 2014-01-09 14:26:40 | Computer Name = YOUR-06CE742A84 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address D8FEE32FC5B4. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 2014-01-09 20:32:15 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 2014-01-09 22:42:14 | Computer Name = YOUR-06CE742A84 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iSafeNetFilter
< End of report >

 

[dmcneil35]

Dupe...

 

[dmcneil35]

OTL logfile created on: 2014-01-09 22:46:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
1015,23 Mb Total Physical Memory | 514,71 Mb Available Physical Memory | 50,70% Memory free
2,38 Gb Paging File | 1,58 Gb Available in Paging File | 66,07% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,26 Gb Total Space | 84,70 Gb Free Space | 60,82% Space Free | Partition Type: NTFS
Drive D: | 9,78 Gb Total Space | 0,42 Gb Free Space | 4,32% Space Free | Partition Type: NTFS
Computer Name: YOUR-06CE742A84 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014-01-09 22:45:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.exe
PRC - [2014-01-02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013-12-17 12:36:40 | 001,834,240 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
PRC - [2013-12-17 12:36:26 | 000,477,736 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
PRC - [2013-12-17 12:36:04 | 000,612,696 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
PRC - [2013-11-15 15:05:46 | 001,234,792 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
PRC - [2013-10-09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013-10-08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-10-07 11:13:01 | 000,054,424 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
PRC - [2013-07-08 14:52:34 | 000,081,704 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011-07-28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-08-28 21:07:22 | 000,406,896 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
PRC - [2008-05-27 18:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008-04-14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-03-09 21:31:02 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (No Company Name) ==========
MOD - [2014-01-08 10:38:56 | 002,128,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttpph.mdl
MOD - [2014-01-08 10:38:52 | 001,119,480 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttprbl.mdl
MOD - [2014-01-08 10:38:51 | 000,667,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttpbr.mdl
MOD - [2014-01-08 10:38:45 | 000,488,584 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\otengines_00023_003\ashttpdsp.mdl
MOD - [2014-01-02 19:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-11-28 16:38:13 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\ui\imsecurityal.ui
MOD - [2013-11-28 16:38:11 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\ui\accessl.ui
MOD - [2013-11-17 03:23:39 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013-11-17 03:23:25 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013-11-17 03:23:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013-11-15 12:54:45 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b01bf82d99cca42b8140884fb833583d\System.Transactions.ni.dll
MOD - [2013-11-15 12:54:14 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll
MOD - [2013-11-15 12:13:33 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013-11-15 12:08:21 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013-11-15 12:08:00 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013-11-15 12:06:36 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013-11-15 12:03:35 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013-11-15 11:53:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013-11-15 11:52:40 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013-10-18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\libcef.dll
MOD - [2013-09-03 13:29:38 | 000,095,088 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
MOD - [2013-08-07 12:47:42 | 000,401,528 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2013-06-19 11:44:37 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
MOD - [2013-03-25 15:16:32 | 000,919,136 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll
MOD - [2012-02-20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-11-14 19:17:06 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
MOD - [2011-07-28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-07-28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008-08-29 15:15:50 | 000,364,544 | ---- | M] () -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\pxl_m17n_tool.dll
MOD - [2008-05-27 18:30:44 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp
MOD - [2008-04-14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008-04-14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-03-09 20:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013-12-21 10:18:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-11-21 18:41:02 | 000,069,880 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2013-11-15 15:05:46 | 001,234,792 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe -- (VSSERV)
SRV - [2013-10-09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013-10-08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-10-07 11:13:01 | 000,054,424 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe -- (UPDATESRV)
SRV - [2013-09-19 15:05:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-07-25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-07-08 14:52:34 | 000,081,704 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2003-03-09 21:31:02 | 000,065,795 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013-11-04 15:47:30 | 000,066,832 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2013-08-23 12:48:39 | 000,165,744 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2013-08-07 12:46:04 | 000,360,376 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2013-07-26 10:53:51 | 000,135,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys -- (bdselfpr)
DRV - [2013-07-19 17:06:44 | 000,490,144 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2013-07-19 17:03:32 | 000,640,560 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013-02-22 18:46:44 | 000,116,560 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2012-11-02 13:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012-04-17 13:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2011-11-14 19:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011-08-16 17:46:02 | 006,427,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-08-05 09:23:22 | 000,588,032 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009-04-23 06:22:16 | 000,141,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2005-02-23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 205.213.195.70:8080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: fr-classique%40dictionaries.addons.mozilla.org:4.3
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.126
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Bitdefender.com/PasswordManager;version=17.8: C:\Program Files\Bitdefender\Bitdefender\pmbxnp.dll (Bitdefender)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-10-01 13:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffpwdman@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\ffpwdman\ [2013-11-28 16:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: c:\program files\Mozilla Firefox\components [2013-12-10 23:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: c:\program files\Mozilla Firefox\plugins [2013-12-10 23:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-11-28 16:42:31 | 000,000,000 | ---D | M]
[2011-01-06 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2014-01-09 22:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions
[2014-01-09 21:52:29 | 000,000,000 | ---D | M] (NCH EN) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011-10-08 07:59:29 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\fr-classique@dictionaries.addons.mozilla.org
[2014-01-09 22:42:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\staged
[2014-01-01 16:34:45 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014-01-09 22:02:08 | 000,001,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zh89uc04.default\searchplugins\nch-en-customized-web-search.xml
[2013-11-16 00:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-11-16 00:11:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-11-16 00:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-11-16 00:11:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-12-21 10:18:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011-10-01 13:25:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013-11-17 03:17:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

 

[dmcneil35]

Part 2.

I may have accidentally hit scan instead of quick scan

O1 HOSTS File: ([2014-01-09 20:11:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\SMINST\reminder.exe (CyberLink)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.5.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1294355956989 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58760A3C-BCCF-45D9-A72D-281595A5B161}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - https://dub117.afx.ms/att/GetInline...aeac9938272f368e8e490ae746b43c&amp;oneredir=1
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-01 19:52:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014-01-09 22:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-01-09 21:01:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-09 19:53:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014-01-09 19:41:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014-01-09 19:41:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014-01-09 19:41:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014-01-09 19:41:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014-01-09 19:41:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014-01-09 19:32:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014-01-09 19:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014-01-09 16:02:58 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014-01-09 16:01:47 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\32A91A4B.sys
[2014-01-09 09:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014-01-09 09:42:42 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014-01-09 00:46:23 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014-01-09 00:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\mbar
[2014-01-08 10:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014-01-06 18:11:59 | 000,037,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys.bak
[2014-01-06 18:11:59 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014-01-06 18:11:58 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014-01-06 18:11:58 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014-01-06 18:11:57 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014-01-06 18:11:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014-01-06 18:11:57 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014-01-06 18:11:56 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014-01-06 18:11:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014-01-06 18:11:56 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014-01-06 18:11:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014-01-06 18:11:55 | 000,360,376 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys.bak
[2014-01-06 18:11:55 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014-01-06 18:11:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014-01-06 18:11:55 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014-01-06 18:11:54 | 000,048,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014-01-06 18:11:54 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014-01-06 18:11:53 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014-01-06 18:11:53 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014-01-06 18:11:52 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014-01-06 18:11:51 | 000,588,032 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys.bak
[2014-01-06 18:11:50 | 006,427,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014-01-06 18:11:50 | 000,141,568 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014-01-06 18:11:49 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014-01-06 18:11:49 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014-01-06 18:11:49 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014-01-06 18:11:49 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014-01-06 18:11:48 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014-01-06 18:11:47 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014-01-06 18:11:47 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014-01-06 18:11:46 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014-01-06 18:11:46 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014-01-06 18:11:46 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014-01-06 18:11:45 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014-01-06 18:11:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014-01-06 18:11:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014-01-06 18:11:42 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys.bak
[2014-01-06 18:11:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014-01-06 18:11:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys.bak
[2014-01-06 18:11:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014-01-06 18:11:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014-01-06 18:11:40 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014-01-06 18:11:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014-01-06 18:11:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014-01-06 18:11:36 | 000,165,744 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.bak
[2014-01-06 18:11:36 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014-01-06 18:11:35 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014-01-06 18:11:35 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014-01-06 18:11:35 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014-01-06 18:11:35 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014-01-06 18:11:34 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014-01-06 18:11:34 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014-01-06 18:11:33 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014-01-06 18:11:33 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014-01-06 18:11:33 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014-01-06 18:11:33 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014-01-06 18:11:31 | 000,490,144 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys.bak
[2014-01-06 18:11:31 | 000,116,560 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2014-01-06 18:11:31 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys.bak
[2014-01-06 18:11:31 | 000,066,832 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys.bak
[2014-01-06 18:11:31 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys.bak
[2014-01-06 18:11:30 | 000,640,560 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys.bak
[2014-01-06 18:11:30 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014-01-06 18:11:30 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys.bak
[2014-01-06 18:11:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014-01-06 18:11:30 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014-01-06 18:11:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014-01-06 18:11:28 | 000,011,776 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys.bak
[2014-01-06 18:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
[2014-01-05 17:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bdch
[2014-01-02 19:48:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
[2014-01-02 17:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2014-01-02 17:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-02 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014-01-02 17:34:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014-01-02 17:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-12-18 09:26:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013-12-18 09:26:08 | 000,000,000 | ---D | C] -- C:\b173431b9b34f36d5d70
[2013-12-17 12:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2013-12-17 12:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender
[2013-12-17 12:00:45 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013-12-17 12:00:17 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
[2013-12-17 11:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2013-12-17 11:59:26 | 000,072,704 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys
[2013-12-17 11:59:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\capicom.dll
[2013-12-17 11:59:05 | 000,116,560 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2013-12-17 11:59:05 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\bdsandboxuiskin.dll
[2013-12-17 11:59:05 | 000,066,832 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2013-12-17 11:59:05 | 000,027,168 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\bdsandboxuh.dll
[2013-12-17 11:58:44 | 000,640,560 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2013-12-17 11:58:44 | 000,490,144 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2013-12-17 11:58:44 | 000,242,504 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2013-12-17 11:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
[2013-12-17 11:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\QuickScan
[2013-12-17 11:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2013-12-17 11:20:43 | 000,165,744 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
[2013-12-17 11:20:33 | 000,360,376 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2013-12-17 11:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013-12-17 11:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014-01-09 23:05:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-01-09 21:40:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-01-09 20:11:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014-01-09 19:53:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014-01-09 18:36:11 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2014-01-09 16:02:59 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014-01-09 16:01:53 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\32A91A4B.sys
[2014-01-09 09:42:42 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014-01-09 02:10:56 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2014-01-09 02:10:54 | 000,001,073 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
[2014-01-09 00:46:23 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014-01-09 00:19:36 | 000,037,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys.bak
[2014-01-09 00:19:36 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014-01-09 00:19:35 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014-01-09 00:19:35 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014-01-09 00:19:34 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014-01-09 00:19:34 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014-01-09 00:19:34 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014-01-09 00:19:34 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014-01-09 00:19:34 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014-01-09 00:19:33 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014-01-09 00:19:33 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014-01-09 00:19:32 | 000,360,376 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys.bak
[2014-01-09 00:19:32 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014-01-09 00:19:32 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014-01-09 00:19:32 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014-01-09 00:19:31 | 000,048,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014-01-09 00:19:31 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014-01-09 00:19:30 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014-01-09 00:19:30 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014-01-09 00:19:28 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys.bak
[2014-01-09 00:19:28 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014-01-09 00:19:27 | 006,427,240 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014-01-09 00:19:26 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014-01-09 00:19:26 | 000,141,568 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014-01-09 00:19:26 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014-01-09 00:19:26 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014-01-09 00:19:26 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014-01-09 00:19:24 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014-01-09 00:19:23 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014-01-09 00:19:22 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014-01-09 00:19:22 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014-01-09 00:19:21 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014-01-09 00:19:21 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014-01-09 00:19:21 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014-01-09 00:19:20 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014-01-09 00:19:20 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014-01-09 00:19:15 | 000,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys.bak
[2014-01-09 00:19:14 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014-01-09 00:19:14 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014-01-09 00:19:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys.bak
[2014-01-09 00:19:14 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014-01-09 00:19:14 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014-01-09 00:19:09 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014-01-09 00:19:09 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014-01-09 00:19:08 | 000,165,744 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys.bak
[2014-01-09 00:19:08 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014-01-09 00:19:06 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014-01-09 00:19:06 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014-01-09 00:19:06 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014-01-09 00:19:06 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014-01-09 00:19:04 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014-01-09 00:19:04 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014-01-09 00:19:04 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014-01-09 00:19:03 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014-01-09 00:19:03 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014-01-09 00:19:03 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014-01-09 00:19:00 | 000,116,560 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2014-01-09 00:19:00 | 000,072,704 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdvedisk.sys.bak
[2014-01-09 00:19:00 | 000,066,832 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys.bak
[2014-01-09 00:18:59 | 000,490,144 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys.bak
[2014-01-09 00:18:59 | 000,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys.bak
[2014-01-09 00:18:58 | 000,640,560 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys.bak
[2014-01-09 00:18:58 | 000,242,504 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys.bak
[2014-01-09 00:18:57 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014-01-09 00:18:57 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014-01-09 00:18:57 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014-01-09 00:18:55 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014-01-09 00:18:54 | 000,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys.bak
[2014-01-02 17:34:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014-01-01 16:14:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013-12-30 20:02:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-12-22 17:56:36 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\&Help and Support.lnk
[2013-12-18 09:32:03 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Datauser_gensett.xml
[2013-12-17 17:37:59 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2013-12-17 12:00:59 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security.lnk
[2013-12-17 12:00:58 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
[2013-12-17 12:00:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013-12-17 12:00:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013-12-17 12:00:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-12-12 03:27:05 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014-01-09 19:53:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014-01-09 19:53:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014-01-09 19:41:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014-01-09 19:41:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014-01-09 19:41:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014-01-09 19:41:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014-01-09 19:41:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014-01-02 17:34:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013-12-22 17:56:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\&Help and Support.lnk
[2013-12-18 09:32:03 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Datauser_gensett.xml
[2013-12-17 17:37:59 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2013-12-17 12:00:59 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security.lnk
[2013-12-17 12:00:58 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Safepay.lnk
[2013-12-17 12:00:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2013-12-17 12:00:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013-11-14 18:40:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013-10-15 16:02:45 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\recently-used.xbel
[2013-10-13 19:29:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2013-10-10 11:38:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-02-15 13:13:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2013-02-15 12:48:02 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2013-02-15 12:48:02 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2013-02-15 12:43:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\hpothb07.tif
[2013-02-15 12:43:55 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\hpothb07.dat
[2012-08-27 17:14:17 | 000,000,113 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2012-08-27 16:24:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012-08-27 16:24:13 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012-08-27 16:24:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012-08-27 16:24:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012-08-27 16:24:13 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012-08-27 16:24:13 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012-08-27 16:24:13 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012-08-27 16:24:13 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012-08-27 16:24:13 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012-08-27 16:24:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012-08-27 16:24:13 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2012-08-27 16:24:13 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012-08-27 16:24:13 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012-08-27 16:24:13 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012-08-27 16:24:13 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012-08-27 16:24:13 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012-08-27 16:24:13 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2012-08-27 16:24:13 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2012-08-27 16:24:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012-08-03 01:21:52 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2011-01-17 19:47:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009-09-01 20:08:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 205.213.195.70:8080
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Click on "Run ESET Online Scanner" button.
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[dmcneil35]

OTL stalled. rebooted in safemode. computer still super slow

All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Error: No service named TrueSight was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service iSafeNetFilter stopped successfully!
Service iSafeNetFilter deleted successfully!
File C:\Program Files\iSafe\iSafeNetFilter.sys not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys not found.
Unable to set value : HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E!
Unable to set value : HKU\S-1-5-21-2985956707-2506270801-1478608977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 148480 bytes
->Temporary Internet Files folder emptied: 7421847 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: HP_Administrator
->Temp folder emptied: 46911729 bytes
->Temporary Internet Files folder emptied: 9669675 bytes
->FireFox cache emptied: 81665099 bytes
->Flash cache emptied: 3092641 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8109112 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 152.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: HP_Administrator
User: LocalService
User: NetworkService
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: HP_Administrator
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102014_091108

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5675.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5682.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF65C3.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF65D3.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF662E.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF668E.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7903.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7910.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RWPCOGH9\resourcespreload[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RWPCOGH9\RteFrameResources[1].htm moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B86OB4PH\13557[1].htm not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B86OB4PH\GFXHasherAjaxIFrame_e8u3OtQonFhEjc0Yi_3RCA2[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B86OB4PH\Messenger[1].htm moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\default[1].htm not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\hps-euro-w01-bold-eot[1].eot moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\hps-euro-w01-regular-eot[1].eot moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\regular[1].eot moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\semibold[1].eot moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6SKFHRWZ\xmlProxy[1].htm moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\flextag[1].htm not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\GFXHasherVerification[1].htm not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\home[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\light[1].eot moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\outlook[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\swe-iframe[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\tracking-iframe[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\xmlProxy[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\xmlProxy[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\55CWO7QF\xmlProxy[3].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[dmcneil35]

Results of screen317's Security Check version 0.99.78
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Total Security
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Bitdefender Bitdefender vsserv.exe
Bitdefender Bitdefender updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
Bitdefender Bitdefender bdagent.exe
Bitdefender Bitdefender pmbxag.exe
Bitdefender Bitdefender bdapppassmgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

 

[dmcneil35]

Results of screen317's Security Check version 0.99.78
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Total Security
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Bitdefender Bitdefender vsserv.exe
Bitdefender Bitdefender updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
Bitdefender Bitdefender bdagent.exe
Bitdefender Bitdefender pmbxag.exe
Bitdefender Bitdefender bdapppassmgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

 

[dmcneil35]

Oops. farbar this time...

Farbar Service Scanner Version: 08-01-2014
Ran by HP_Administrator (administrator) on 10-01-2014 at 09:43:05
Running from "C:\Documents and Settings\HP_Administrator\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
bdftdif(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

[dmcneil35]

Ran TFP and it got hung up trying to close applications - I think firefox. computer froze and I couldn't close programs (firefix or TFP). control alt delete non responsive. I turned off the computer at the switch, rebooted and reran TFP, this time with no applications open. at time of writing it hung up again "stopping running processes". I have just left it.

I will await further instruction and post if it get's itself unstuck