Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TR/Crypt.XPACK.Gen8 and maybe some others problems. [Solved]

Started by SunnySeven , Dec 08 2013 04:00 PM

  • This topic is locked This topic is locked

#1
SunnySeven
Posted 08 December 2013 - 04:00 PM

SunnySeven

    Member

  • Member
  • PipPip
  • 47 posts
Hello, I've been having trouble getting rid of TR/Crypt.XPACK.Gen8. I have already read another topic on this fourms here on the same similar problem but, I wasn't sure if the same method will work on my computer.

To sum up my problems, Avira keeps detecting that TR/Crypt.XPACK.Gen8 is in my C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP626\A0145895.dll everytime I go idle(I don't use a screensavor or anything). I've already done a full scan with avria and doesn't find anything. I've also tried malwarebytes and it would always find 2 trojans in C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP628\A0147511.exe and the another with A0147512 and a bunch of PUP.Optional that both keeps coming back. I also tried RogueKiller and no luck.

So pretty much I just wanna know if I should just follow the instructions in the link I posted. Heres my OTL logs:



OTL logfile created on: 12/8/2013 3:16:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 75.55% Memory free
6.07 Gb Paging File | 5.50 Gb Available in Paging File | 90.70% Paging File free
Paging file location(s): C:\pagefile.sys 3820 7640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 61.73 Gb Free Space | 34.62% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.43 Gb Free Space | 17.82% Space Free | Partition Type: FAT32

Computer Name: BAM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BellSouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
PRC - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\frext-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Services (SafeList) ==========

SRV - (yhfixnoho) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (kfkya) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (awkxzbde) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BitMeterCaptureService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
SRV - (BitMeterWebService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (XDva405) -- C:\WINDOWS\system32\XDva405.sys File not found
DRV - (XDva402) -- C:\WINDOWS\system32\XDva402.sys File not found
DRV - (XDva401) -- C:\WINDOWS\system32\XDva401.sys File not found
DRV - (XDva399) -- C:\WINDOWS\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\WINDOWS\system32\XDva398.sys File not found
DRV - (XDva351) -- C:\WINDOWS\system32\XDva351.sys File not found
DRV - (XDva288) -- C:\WINDOWS\system32\XDva288.sys File not found
DRV - (XDva279) -- C:\WINDOWS\system32\XDva279.sys File not found
DRV - (XDva275) -- C:\WINDOWS\system32\XDva275.sys File not found
DRV - (XDva190) -- C:\WINDOWS\system32\XDva190.sys File not found
DRV - (XDva164) -- C:\WINDOWS\system32\XDva164.sys File not found
DRV - (XDva090) -- C:\WINDOWS\system32\XDva090.sys File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (an4cvl40) -- File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (m4301a) -- C:\WINDOWS\system32\drivers\m4301A.sys (ALinx Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (dsreader) -- C:\WINDOWS\system32\drivers\dsreader.sys (Thesycon GmbH, Germany)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{07CDF6CF-81A3-473E-A44B-C85FE997E245}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60327
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{546216CA-FCE2-4483-8CD9-D99C3AB0319E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forecast.weat... AL 36869, USA"
FF - prefs.js..extensions.enabledAddons: exportcookies%40aag:1.2
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B600452e8-6851-46db-80fd-fa571b2deaa7%7D:0.7
FF - prefs.js..extensions.enabledAddons: bossknb%40ttt-jl.blogspot.com:3.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.38
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7BFF2FA6A4-B3B1-11DD-B910-6C9A55D89593%7D:0.51
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 16:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/04/07 20:12:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/25 15:41:54 | 000,000,000 | ---D | M]

[2008/06/20 23:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2013/12/05 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions
[2013/08/27 13:29:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/20 14:03:16 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2013/05/21 02:12:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/02/02 05:57:04 | 000,011,503 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/11/01 20:12:19 | 000,002,060 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/10/03 23:05:51 | 000,026,163 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/10/27 02:18:47 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/09/11 05:48:36 | 000,222,585 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2013/04/13 19:36:40 | 000,307,011 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2011/10/14 10:54:06 | 000,012,128 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi
[2013/12/05 02:05:03 | 000,535,138 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/24 12:11:13 | 000,005,490 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2013/10/09 23:05:55 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 04:15:44 | 000,714,654 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/10/01 06:02:25 | 000,282,570 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/05/28 15:04:37 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
[2009/11/11 12:38:47 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\daemon-search.xml
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 16:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/15 16:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 16:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/07 09:18:02 | 000,000,741 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-)Please wait scanning download directoriesCHINE - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [] File not found
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4F10B1A-FB37-460E-AE80-48CD901D475C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9674092-538B-4B3A-98C7-144EF052819F}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/28 09:57:44 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22}\Shell\AutoRun\command - "" = M:\setupSNK.exe
O33 - MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/06 23:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\tdsskiller
[2013/12/06 23:31:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:58 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
[2013/12/05 01:54:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2013/11/29 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Python 2.2
[2013/11/29 17:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MultiBit
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.5.15
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiBit
[2013/11/15 16:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/09/24 20:01:22 | 000,014,336 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWnd.exe
[2006/09/24 20:01:18 | 000,041,472 | ---- | C] (Valhalla Legends) -- C:\Program Files\Standard.dxw
[2006/09/24 20:01:16 | 000,012,288 | ---- | C] (Valhalla Legends) -- C:\Program Files\IpBind.dxw
[2006/09/24 20:01:14 | 000,041,984 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWndSrv.dll
[2004/02/10 22:59:12 | 000,026,624 | ---- | C] (Valhalla Legends) -- C:\Program Files\ScWnd.hdl
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/08 15:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/08 15:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/08 15:12:13 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/12/08 15:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/08 15:06:05 | 2675,298,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/07 06:49:48 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ExplorerXP.INI
[2013/12/07 02:50:21 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/06 23:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:55 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:33:38 | 003,580,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/05 14:41:04 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/05 01:21:47 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/03 14:55:51 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/29 17:06:59 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:05:42 | 009,265,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/11/26 01:16:21 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/11/26 01:16:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/06 21:33:28 | 003,580,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/01 15:16:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 15:16:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 17:06:59 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:04:03 | 009,265,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/09/10 23:42:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2013/05/17 02:12:18 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2013/04/14 05:15:47 | 000,205,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/11 09:22:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2011/01/07 16:23:58 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
[2008/11/11 22:57:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\~gep2~
[2007/10/22 16:48:52 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 04:59:10 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/24 20:01:20 | 000,007,168 | ---- | C] () -- C:\Program Files\Starcraft.dxw

========== ZeroAccess Check ==========

[2005/01/28 04:37:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 18:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/10/21 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2013/12/08 15:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitMeterOS
[2009/11/11 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/11 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2013/05/28 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/10/24 01:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/03/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2013/05/28 15:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarApp
[2008/08/06 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/21 20:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2007/11/16 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/04 22:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/23 23:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 01:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
  • 0

Advertisements

#2
Valinorum
Posted 08 December 2013 - 11:33 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi SunnySeven, :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Privet Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Can you post the Extras.txt log generated by OTL.exe on its first run. It is located in the same place with OTL.exe.

Regards,
Valinorum
  • 0

#3
SunnySeven
Posted 08 December 2013 - 11:48 PM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hello, here ya go:

OTL Extras logfile created on: 12/7/2013 11:58:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 77.68% Memory free
6.07 Gb Paging File | 5.45 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): C:\pagefile.sys 3820 7640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 61.90 Gb Free Space | 34.72% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.43 Gb Free Space | 17.82% Space Free | Partition Type: FAT32

Computer Name: BAM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57181:TCP" = 57181:TCP:*:Enabled:Pando Media Booster
"57181:UDP" = 57181:UDP:*:Enabled:Pando Media Booster
"58236:TCP" = 58236:TCP:*:Enabled:Pando Media Booster
"58236:UDP" = 58236:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1494:TCP" = 1494:TCP:*:Enabled:cviwn
"57181:TCP" = 57181:TCP:*:Enabled:Pando Media Booster
"57181:UDP" = 57181:UDP:*:Enabled:Pando Media Booster
"58236:TCP" = 58236:TCP:*:Enabled:Pando Media Booster
"58236:UDP" = 58236:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Wonderland Online\Main.exe" = C:\Program Files\Wonderland Online\Main.exe:*:Enabled:Main
"C:\Program Files\Codemasters\RF Online;\RF.exe" = C:\Program Files\Codemasters\RF Online;\RF.exe:*:Enabled:RFLauncher
"C:\Ntreev\Grand Chase\main.exe" = C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase
"C:\Program Files\RFP\RF Online\RF.exe" = C:\Program Files\RFP\RF Online\RF.exe:*:Enabled:RFLauncher
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Ntreev USA\Grand Chase\main.exe" = C:\Ntreev USA\Grand Chase\main.exe:*:Enabled:GrandChase
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\SG Interactive\Grand Chase\main.exe" = C:\SG Interactive\Grand Chase\main.exe:*:Enabled:GrandChase
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\HP_Administrator\My Documents\cspspserver-1.51-gshi\CSPSPServer\CSPSPServer.exe" = C:\Documents and Settings\HP_Administrator\My Documents\cspspserver-1.51-gshi\CSPSPServer\CSPSPServer.exe:*:Disabled:CSPSPServer
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\HP_Administrator\My Documents\DeSmuMe v.0.9.7 x86-x32 WIFI Capability WinPcap v.4.1.2\DeSmuMe v.0.9.7 x86-x32 WIFI Capability WinPcap v.4.1.2\DeSmuME_VS2008.exe" = C:\Documents and Settings\HP_Administrator\My Documents\DeSmuMe v.0.9.7 x86-x32 WIFI Capability WinPcap v.4.1.2\DeSmuMe v.0.9.7 x86-x32 WIFI Capability WinPcap v.4.1.2\DeSmuME_VS2008.exe:*:Enabled:DeSmuME_VS2008
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\qBittorrent\qbittorrent.exe" = C:\Program Files\qBittorrent\qbittorrent.exe:*:Enabled:qBittorrent -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{022E2D1B-439D-4AA6-B74E-F644A425CF48}" = iPictDB Windows Live Gallery Plugin
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6512B303-F989-4C13-B9F6-A99989E4ED54}" = HP Tunes
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBACCC0D-7B8B-4C3E-AA96-B6C64DCF19BB}" = LS_HSI
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"“Œ•û’n—ì“a_is1" = “Œ•û’n—ì“a ver 1.00a
"“Œ•û‹Pjé_is1" = “Œ•û‹Pjé ver 1.00a
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1B497FAA-E53E-420D-8408-FFDD3278CD50" = Blasterball 2 Holidays from HP Media Center (remove only)
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"31D6EDEF-1926-4267-A24E-077BFB360F72" = Final Drive Nitro from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"4C838121-69EC-424A-8FB0-91C15306A758" = Phoenix Assault from HP Media Center (remove only)
"5513-1208-7298-9440" = JDownloader 0.9
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"7-Zip" = 7-Zip 9.20
"87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF" = Windows Driver Package - Sony PSP Type B (11/20/2005 20051120)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A8B63E91-BB8C-41FF-B530-5BB13C915612" = Overball from HP Media Center (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ASIO4ALL" = ASIO4ALL
"ATT-PRT22" = ATT-PRT22
"Avira AntiVir Desktop" = Avira Free Antivirus
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"BellSouth Application Management" = BellSouth Application Management
"BellSouth Wireless Connection Tool" = BellSouth Wireless Connection Tool
"BellsouthHelpCenter4.0b_is1" = FastAccess® DSL Help Center 4.1
"BitMeterOS" = BitMeter OS
"blstoolbar" = AT&T Toolbar
"CCleaner" = CCleaner
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"DivX Setup.divx.com" = DivX Setup
"ExplorerXP" = ExplorerXP (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Granado Espada Online_is1" = Granado Espada Online
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.8.6
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MultiBit 0.5.15" = MultiBit 0.5.15
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Drivers" = NVIDIA Drivers
"PS2" = PS2
"PunkBusterSvc" = PunkBuster Services
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"qbittorrent" = qBittorrent 3.0.9
"Quicken_NUE" = Remove Quicken New User Edition installer
"QuickPar" = QuickPar 0.9
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
"RealPlayer 12.0" = RealPlayer
"SMPlayer" = SMPlayer 0.8.6.0
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"SP_09b71135" = ContinueToSave 1.74
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TuneUpMedia" = TuneUp 2.4.6.4
"UltraDefrag" = Ultra Defragmenter
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JScreenFix deluxe" = JScreenFix deluxe
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2013 5:01:52 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 5:06:16 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x800708ca (converted
to 0x800423f4).

Error - 12/6/2013 5:09:19 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 5:21:38 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 5:26:52 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 5:34:42 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 5:42:46 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 5:55:33 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 6:29:49 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 12/6/2013 6:46:51 AM | Computer Name = BAM | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

[ System Events ]
Error - 12/6/2013 5:51:39 PM | Computer Name = BAM | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 12/6/2013 5:53:39 PM | Computer Name = BAM | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 12/7/2013 1:54:48 PM | Computer Name = BAM | Source = m4301a | ID = 1
Description =

Error - 12/7/2013 1:54:54 PM | Computer Name = BAM | Source = m4301a | ID = 1
Description =

Error - 12/7/2013 1:55:09 PM | Computer Name = BAM | Source = m4301a | ID = 1
Description =

Error - 12/7/2013 3:59:26 PM | Computer Name = BAM | Source = Service Control Manager | ID = 7023
Description = The Shell Center service terminated with the following error: %%126

Error - 12/7/2013 3:59:26 PM | Computer Name = BAM | Source = Service Control Manager | ID = 7023
Description = The Boot Server service terminated with the following error: %%126

Error - 12/7/2013 3:59:26 PM | Computer Name = BAM | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/7/2013 3:59:26 PM | Computer Name = BAM | Source = Service Control Manager | ID = 7023
Description = The Security System service terminated with the following error: %%126

Error - 12/7/2013 4:01:42 PM | Computer Name = BAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >
  • 0

#4
Valinorum
Posted 10 December 2013 - 01:08 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi SunnySeven, :)

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
  • uTorrentControl2 Toolbar
  • Softonic-Eng7 Toolbar
  • Download Updater (AOL Inc.)
  • qBittorrent 3.0.9
  • Œ•û‹Pjé ver 1.00a

 

  • Step #2 Fix with AdwCleaner
    Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Posted Image

    Click on Scan and follow the prompts. Let it run unhindered. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[R0].txt

 

  • Step #3 Scan with OTL
  • Re-run OTL;
  • Copy and Paste the following code inside the Custom Scans/Fixes box;
    netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
  • Click the Quick Scan button;
  • After the scan two logs will be produced;
  • Copy and paste the content of the logs in your next reply

 

  • Required Log(s):
  • AdwCleaner Log;
  • OTL.txt

Regards,
Valinorum
  • 0

#5
SunnySeven
Posted 10 December 2013 - 01:46 AM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here's the AdwCleaner Log:


# AdwCleaner v3.014 - Report created 10/12/2013 at 02:24:29
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - BAM
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\daemon-search.xml
File Found : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\user.js
Folder Found C:\Documents and Settings\All Users\Application Data\StarApp
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Conduit
Folder Found C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\ConduitEngine
Folder Found C:\Documents and Settings\HP_Administrator\Application Data\PriceGong
Folder Found C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\continuetosave
Folder Found C:\Program Files\Search Settings
Folder Found C:\Program Files\Viewpoint

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DA64E459-FBF3-4A9C-A3E8-FD0240C4E611}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\nzolvhbi.default\prefs.js ]

Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,[email protected]:1.3[...]

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\prefs.js ]

Line Found : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2405280.CTID", "CT2405280");
Line Found : user_pref("CT2405280.CurrentServerDate", "19-8-2010");
Line Found : user_pref("CT2405280.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2405280.DownloadReferralCookieData", "");
Line Found : user_pref("CT2405280.EMailNotifierPollDate", "Wed Aug 18 2010 22:12:26 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedLastCount1783261708582779529", 1477);
Line Found : user_pref("CT2405280.FeedPollDate129255180392415092", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392415098", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392415104", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392415110", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392415116", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392415122", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571378", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571384", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571390", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571396", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571402", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571408", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571414", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571420", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571426", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571432", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571438", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392571444", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727700", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727706", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727712", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727718", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727724", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727730", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727736", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727742", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727748", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727754", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727760", "Wed Aug 18 2010 03:33:45 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727766", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727772", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727778", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727784", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727790", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727796", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727802", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727808", "Wed Aug 18 2010 03:33:46 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727814", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727820", "Wed Aug 18 2010 21:47:28 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727826", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727832", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727838", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727844", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727850", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727856", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727862", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727868", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727874", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727880", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727886", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727892", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedPollDate129255180392727898", "Wed Aug 18 2010 20:47:34 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.FeedTTL129255180392415104", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392415116", 60);
Line Found : user_pref("CT2405280.FeedTTL129255180392571420", 60);
Line Found : user_pref("CT2405280.FeedTTL129255180392571426", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392571432", 2);
Line Found : user_pref("CT2405280.FeedTTL129255180392571438", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392727700", 30);
Line Found : user_pref("CT2405280.FeedTTL129255180392727706", 5);
Line Found : user_pref("CT2405280.FeedTTL129255180392727712", 5);
Line Found : user_pref("CT2405280.FeedTTL129255180392727724", 5);
Line Found : user_pref("CT2405280.FeedTTL129255180392727736", 30);
Line Found : user_pref("CT2405280.FeedTTL129255180392727742", 30);
Line Found : user_pref("CT2405280.FeedTTL129255180392727766", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392727778", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392727784", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392727790", 15);
Line Found : user_pref("CT2405280.FeedTTL129255180392727808", 1440);
Line Found : user_pref("CT2405280.FeedTTL129255180392727838", 10);
Line Found : user_pref("CT2405280.FeedTTL129255180392727856", 5);
Line Found : user_pref("CT2405280.FirstServerDate", "18-8-2010");
Line Found : user_pref("CT2405280.FirstTime", true);
Line Found : user_pref("CT2405280.FirstTimeFF3", true);
Line Found : user_pref("CT2405280.FirstTimeSettingsDone", true);
Line Found : user_pref("CT2405280.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2405280.Initialize", true);
Line Found : user_pref("CT2405280.InitializeCommonPrefs", true);
Line Found : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2405280.InstallationType", "UnknownIntegration");
Line Found : user_pref("CT2405280.InstalledDate", "Wed Aug 18 2010 03:33:42 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.InvalidateCache", false);
Line Found : user_pref("CT2405280.IsGrouping", false);
Line Found : user_pref("CT2405280.IsMulticommunity", false);
Line Found : user_pref("CT2405280.IsOpenThankYouPage", false);
Line Found : user_pref("CT2405280.IsOpenUninstallPage", true);
Line Found : user_pref("CT2405280.LanguagePackLastCheckTime", "Wed Aug 18 2010 03:33:45 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2405280.LastLogin_2.7.1.3", "Wed Aug 18 2010 20:47:23 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.LatestVersion", "2.7.2.0");
Line Found : user_pref("CT2405280.Locale", "en-us");
Line Found : user_pref("CT2405280.LoginCache", 4);
Line Found : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2405280.RadioIsPodcast", false);
Line Found : user_pref("CT2405280.RadioLastCheckTime", "Thu Aug 19 2010 03:33:55 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
Line Found : user_pref("CT2405280.RadioMediaID", "20503713");
Line Found : user_pref("CT2405280.RadioMediaType", "Media Player");
Line Found : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT240528020503713");
Line Found : user_pref("CT2405280.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Line Found : user_pref("CT2405280.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Line Found : user_pref("CT2405280.SearchBoxWidth", 888);
Line Found : user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405280&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Found : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=");
Line Found : user_pref("CT2405280.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Thu Aug 19 2010 03:33:44 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2405280.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2405280.SettingsLastCheckTime", "Wed Aug 18 2010 12:47:21 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.SettingsLastUpdate", "1281094364");
Line Found : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Wed Aug 18 2010 03:33:40 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2405280.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2405280.UserID", "UN90243065947968243");
Line Found : user_pref("CT2405280.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2405280.WeatherNetwork", "");
Line Found : user_pref("CT2405280.WeatherPollDate", "Wed Aug 18 2010 21:47:44 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2405280.WeatherUnit", "F");
Line Found : user_pref("CT2405280.alertChannelId", "799768");
Line Found : user_pref("CT2405280.clientLogIsEnabled", true);
Line Found : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2405280.myStuffEnabled", true);
Line Found : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"855c0149f6eee656fc46e123af79ec731\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1336063965\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14d1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
Line Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "[email protected]");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Found : user_pref("CommunityToolbar.IsEngineShown", true);
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\HP_Administrator\\Application Data\\Mozilla\\Firefox\\Profiles\\91b5e42t.default\\conduitCommon\\modules\\3.13.0.6");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "[email protected]");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2405280,ConduitEngine");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "");
Line Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Mar 21 2011 13:09:50 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "26aba618-455a-40d9-baca-ed910013b9e5");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Aug 19 2010 03:33:46 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "a16b55d9-83ea-46a5-9122-f1a4d592ea56");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Jun 23 2012 20:29:20 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Jun 23 2012 20:29:17 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "a8549b8f-5cad-48b9-a818-73918fc6c3c7");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://forecast.weather.gov/MapClick.php?CityName=Phenix+City&state=AL&site=BMX&lat=32.4655&lon=-85.0146");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Mar 21 2011 13:10:02 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.FirstServerDate", "03/21/2011 19");
Line Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Found : user_pref("ConduitEngine.Initialize", true);
Line Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Found : user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 13:26:24 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.IsMulticommunity", false);
Line Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.UserID", "UN88112210765946675");
Line Found : user_pref("ConduitEngine.engineLocale", "en-US");
Line Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("ConduitEngine.initDone", true);
Line Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.aniweather.timeShifted", 648905);
Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://www.facebook.com/YouTubeCenter/YouTube Center.YouTubeCenterSettings", "{\"hideTicker\":true,\"enableEndscreenAutoplay\":false,\"removeYouTubeTitleS[...]
Line Found : user_pref("network.protocol-handler.external.veoh", false);
Line Found : user_pref("plugin.blocklisted.npviewpoint", true);
Line Found : user_pref("plugin.state.npveohversion", 0);
Line Found : user_pref("plugin.state.npviewpoint", 0);
Line Found : user_pref("plugin.state.npwebplayervideopluginatl", 0);
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [31093 octets] - [10/12/2013 02:24:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [31154 octets] ##########




And here's the OTL log:


OTL logfile created on: 12/10/2013 2:31:32 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 79.72% Memory free
6.07 Gb Paging File | 5.48 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): C:\pagefile.sys 3820 7640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 62.08 Gb Free Space | 34.82% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.43 Gb Free Space | 17.82% Space Free | Partition Type: FAT32

Computer Name: BAM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BellSouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
PRC - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\frext-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Services (SafeList) ==========

SRV - (yhfixnoho) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (kfkya) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (awkxzbde) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BitMeterCaptureService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
SRV - (BitMeterWebService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (XDva405) -- C:\WINDOWS\system32\XDva405.sys File not found
DRV - (XDva402) -- C:\WINDOWS\system32\XDva402.sys File not found
DRV - (XDva401) -- C:\WINDOWS\system32\XDva401.sys File not found
DRV - (XDva399) -- C:\WINDOWS\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\WINDOWS\system32\XDva398.sys File not found
DRV - (XDva351) -- C:\WINDOWS\system32\XDva351.sys File not found
DRV - (XDva288) -- C:\WINDOWS\system32\XDva288.sys File not found
DRV - (XDva279) -- C:\WINDOWS\system32\XDva279.sys File not found
DRV - (XDva275) -- C:\WINDOWS\system32\XDva275.sys File not found
DRV - (XDva190) -- C:\WINDOWS\system32\XDva190.sys File not found
DRV - (XDva164) -- C:\WINDOWS\system32\XDva164.sys File not found
DRV - (XDva090) -- C:\WINDOWS\system32\XDva090.sys File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (a06b0jo8) -- File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (m4301a) -- C:\WINDOWS\system32\drivers\m4301A.sys (ALinx Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (dsreader) -- C:\WINDOWS\system32\drivers\dsreader.sys (Thesycon GmbH, Germany)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{07CDF6CF-81A3-473E-A44B-C85FE997E245}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60327
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{546216CA-FCE2-4483-8CD9-D99C3AB0319E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forecast.weat... AL 36869, USA"
FF - prefs.js..extensions.enabledAddons: exportcookies%40aag:1.2
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B600452e8-6851-46db-80fd-fa571b2deaa7%7D:0.7
FF - prefs.js..extensions.enabledAddons: bossknb%40ttt-jl.blogspot.com:3.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.38
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7BFF2FA6A4-B3B1-11DD-B910-6C9A55D89593%7D:0.51
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 16:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/04/07 20:12:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/25 15:41:54 | 000,000,000 | ---D | M]

[2008/06/20 23:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2013/12/05 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions
[2013/08/27 13:29:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/20 14:03:16 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2013/05/21 02:12:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/02/02 05:57:04 | 000,011,503 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/11/01 20:12:19 | 000,002,060 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/10/03 23:05:51 | 000,026,163 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/10/27 02:18:47 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/09/11 05:48:36 | 000,222,585 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2013/04/13 19:36:40 | 000,307,011 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2011/10/14 10:54:06 | 000,012,128 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi
[2013/12/05 02:05:03 | 000,535,138 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/24 12:11:13 | 000,005,490 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2013/10/09 23:05:55 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 04:15:44 | 000,714,654 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/10/01 06:02:25 | 000,282,570 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/05/28 15:04:37 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
[2009/11/11 12:38:47 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\daemon-search.xml
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 16:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/15 16:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 16:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/07 09:18:02 | 000,000,741 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-)Please wait scanning download directoriesCHINE - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [] File not found
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4F10B1A-FB37-460E-AE80-48CD901D475C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9674092-538B-4B3A-98C7-144EF052819F}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/28 09:57:44 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22}\Shell\AutoRun\command - "" = M:\setupSNK.exe
O33 - MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O33 - MountPoints2\{c7513a8a-7fba-11dc-8e63-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7513a8a-7fba-11dc-8e63-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7513a8a-7fba-11dc-8e63-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: kfkya - C:\WINDOWS\system32\cwlfb.dll File not found
NetSvcs: awkxzbde - C:\WINDOWS\system32\cwlfb.dll File not found
NetSvcs: yhfixnoho - C:\WINDOWS\system32\cwlfb.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 02:23:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/10 02:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\PriceGong
[2013/12/06 23:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\tdsskiller
[2013/12/06 23:31:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:58 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
[2013/12/05 01:54:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2013/11/29 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Python 2.2
[2013/11/29 17:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MultiBit
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.5.15
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiBit
[2013/11/15 16:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/09/24 20:01:22 | 000,014,336 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWnd.exe
[2006/09/24 20:01:18 | 000,041,472 | ---- | C] (Valhalla Legends) -- C:\Program Files\Standard.dxw
[2006/09/24 20:01:16 | 000,012,288 | ---- | C] (Valhalla Legends) -- C:\Program Files\IpBind.dxw
[2006/09/24 20:01:14 | 000,041,984 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWndSrv.dll
[2004/02/10 22:59:12 | 000,026,624 | ---- | C] (Valhalla Legends) -- C:\Program Files\ScWnd.hdl
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/10 02:23:12 | 001,110,034 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AdwCleaner.exe
[2013/12/10 02:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/10 02:12:39 | 000,840,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
[2013/12/09 15:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/09 12:54:45 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/12/09 12:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/09 12:48:48 | 2675,298,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/07 06:49:48 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ExplorerXP.INI
[2013/12/07 02:50:21 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/06 23:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:55 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:33:38 | 003,580,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/05 14:41:04 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/05 01:21:47 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/03 14:55:51 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/29 17:06:59 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:05:42 | 009,265,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/11/26 01:16:21 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/11/26 01:16:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/10 02:23:13 | 001,110,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AdwCleaner.exe
[2013/12/10 02:12:45 | 000,840,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
[2013/12/06 21:33:28 | 003,580,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/01 15:16:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 15:16:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 17:06:59 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:04:03 | 009,265,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/09/10 23:42:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2013/05/17 02:12:18 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2013/04/14 05:15:47 | 000,205,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/11 09:22:22 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2011/01/07 16:23:58 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
[2008/11/11 22:57:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\~gep2~
[2007/10/22 16:48:52 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 04:59:10 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/24 20:01:20 | 000,007,168 | ---- | C] () -- C:\Program Files\Starcraft.dxw

========== ZeroAccess Check ==========

[2005/01/28 04:37:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 18:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/10/21 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2013/12/10 02:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitMeterOS
[2009/11/11 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/11 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2013/05/28 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/10/24 01:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/03/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2013/05/28 15:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarApp
[2008/08/06 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/21 20:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2007/11/16 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/04 22:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/23 23:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 01:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:09 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/10 13:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/10 07:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004/08/10 07:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.JSM >
[2012/03/10 18:30:24 | 000,006,317 | ---- | M] () MD5=C698274FE1590498B56DEDB947AEFF16 -- C:\Program Files\TuneUpMedia\xre\modules\Services.jsm

< MD5 for: SERVICES.LNK >
[2009/06/28 05:17:51 | 000,001,613 | ---- | M] () MD5=F0DEEED3DA9606C46F39E6602500DADF -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/10 07:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/10 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
  • 0

#6
Valinorum
Posted 10 December 2013 - 10:31 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi SunnySeven, :)

Pando Media Booster Advice:

I see you Pando Media Booster installed, maybe intentionally and or came with one of your installed games for example. Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of a improvement with downloading.

My friendly advice is if you do not really use it, merely uninstall. However this is choice to do so or not and end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

Avira Anti-virus Advice:
I see you have Avira Anti-virus in your system. Recently it comes bundled with Ask adware which is unwanted for a system. I would counsel you to migrate to another anti-virus for example avast! but do note that it is at your sole discretion whether you want the change or not.
A re-scan with AdwCleaner may render certain aspects inoperable and necessitate either a repair/reinstall of the software. If such thing occur, we will address the situation in due course.

 

  • Step #3 Fix with AdwCleaner
    Re-run AdwCleaner. The software has been updated recently and if an update prompt is shown please update it.

    Click on Scan and follow the prompts. Let it run unhindered. When done,click on the Clean button, and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S1].txt

 

Re-run OTL and click Quick Scan and post the log.

 

  • Required Log(s):
  • AdwCleaner Fix Log;
  • OTL.txt

Regards,
Valinorum
  • 0

#7
SunnySeven
Posted 11 December 2013 - 02:07 AM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hello, I'm not sure what or even where Pando Media Booster is. If I find it I'll uninstall it. I'll look into Avast if something else comes up.

Heres the AdwCleaner logs after the clean:


# AdwCleaner v3.015 - Report created 11/12/2013 at 02:29:15
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - BAM
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\continuetosave
Folder Deleted : C:\Program Files\Search Settings
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Conduit
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\ConduitEngine
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\daemon-search.xml
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DA64E459-FBF3-4A9C-A3E8-FD0240C4E611}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\nzolvhbi.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,[email protected]:1.3[...]

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\prefs.js ]

Line Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2405280.CTID", "CT2405280");
Line Deleted : user_pref("CT2405280.CurrentServerDate", "19-8-2010");
Line Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2405280.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Wed Aug 18 2010 22:12:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedLastCount1783261708582779529", 1477);
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392415092", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392415098", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392415104", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392415110", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392415116", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392415122", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571378", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571384", "Wed Aug 18 2010 20:47:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571390", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571396", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571402", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571408", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571414", "Wed Aug 18 2010 20:47:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571420", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571426", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571432", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571438", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392571444", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727700", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727706", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727712", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727718", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727724", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727730", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727736", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727742", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727748", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727754", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727760", "Wed Aug 18 2010 03:33:45 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727766", "Wed Aug 18 2010 20:47:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727772", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727778", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727784", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727790", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727796", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727802", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727808", "Wed Aug 18 2010 03:33:46 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727814", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727820", "Wed Aug 18 2010 21:47:28 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727826", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727832", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727838", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727844", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727850", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727856", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727862", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727868", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727874", "Wed Aug 18 2010 20:47:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727880", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727886", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727892", "Wed Aug 18 2010 20:47:31 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedPollDate129255180392727898", "Wed Aug 18 2010 20:47:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.FeedTTL129255180392415104", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392415116", 60);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392571420", 60);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392571426", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392571432", 2);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392571438", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727700", 30);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727706", 5);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727712", 5);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727724", 5);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727736", 30);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727742", 30);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727766", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727778", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727784", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727790", 15);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727808", 1440);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727838", 10);
Line Deleted : user_pref("CT2405280.FeedTTL129255180392727856", 5);
Line Deleted : user_pref("CT2405280.FirstServerDate", "18-8-2010");
Line Deleted : user_pref("CT2405280.FirstTime", true);
Line Deleted : user_pref("CT2405280.FirstTimeFF3", true);
Line Deleted : user_pref("CT2405280.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2405280.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2405280.Initialize", true);
Line Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2405280.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2405280.InstalledDate", "Wed Aug 18 2010 03:33:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.InvalidateCache", false);
Line Deleted : user_pref("CT2405280.IsGrouping", false);
Line Deleted : user_pref("CT2405280.IsMulticommunity", false);
Line Deleted : user_pref("CT2405280.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Wed Aug 18 2010 03:33:45 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2405280.LastLogin_2.7.1.3", "Wed Aug 18 2010 20:47:23 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT2405280.Locale", "en-us");
Line Deleted : user_pref("CT2405280.LoginCache", 4);
Line Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2405280.RadioIsPodcast", false);
Line Deleted : user_pref("CT2405280.RadioLastCheckTime", "Thu Aug 19 2010 03:33:55 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
Line Deleted : user_pref("CT2405280.RadioMediaID", "20503713");
Line Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT240528020503713");
Line Deleted : user_pref("CT2405280.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Line Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Line Deleted : user_pref("CT2405280.SearchBoxWidth", 888);
Line Deleted : user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405280&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=");
Line Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Thu Aug 19 2010 03:33:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2405280.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Wed Aug 18 2010 12:47:21 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.SettingsLastUpdate", "1281094364");
Line Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Wed Aug 18 2010 03:33:40 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2405280.UserID", "UN90243065947968243");
Line Deleted : user_pref("CT2405280.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2405280.WeatherNetwork", "");
Line Deleted : user_pref("CT2405280.WeatherPollDate", "Wed Aug 18 2010 21:47:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2405280.WeatherUnit", "F");
Line Deleted : user_pref("CT2405280.alertChannelId", "799768");
Line Deleted : user_pref("CT2405280.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2405280.myStuffEnabled", true);
Line Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"855c0149f6eee656fc46e123af79ec731\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1336063965\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:14d1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "[email protected]");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\HP_Administrator\\Application Data\\Mozilla\\Firefox\\Profiles\\91b5e42t.default\\conduitCommon\\modules\\3.13.0.6");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "[email protected]");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2405280,ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Mar 21 2011 13:09:50 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "26aba618-455a-40d9-baca-ed910013b9e5");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Aug 19 2010 03:33:46 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "a16b55d9-83ea-46a5-9122-f1a4d592ea56");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Jun 23 2012 20:29:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Jun 23 2012 20:29:17 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "a8549b8f-5cad-48b9-a818-73918fc6c3c7");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://forecast.weather.gov/MapClick.php?CityName=Phenix+City&state=AL&site=BMX&lat=32.4655&lon=-85.0146");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Mar 21 2011 13:10:02 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "03/21/2011 19");
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 13:26:24 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN88112210765946675");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Mar 21 2011 13:09:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.aniweather.timeShifted", 648905);
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://www.facebook.com/YouTubeCenter/YouTube Center.YouTubeCenterSettings", "{\"hideTicker\":true,\"enableEndscreenAutoplay\":false,\"removeYouTubeTitleS[...]
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.userscripts.org/YouTube Link Title.cache", "{\"yt8wW7c58nMI4\":\"Odessa Girls - Ukraine\",\"ytkBoesEFWZnM\":\"NOTHING\",\"ytzH3Vkr2NTlM\":\"?Pizuya's Ce[...]
Line Deleted : user_pref("network.protocol-handler.external.veoh", false);
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);
Line Deleted : user_pref("plugin.state.npveohversion", 0);
Line Deleted : user_pref("plugin.state.npviewpoint", 0);
Line Deleted : user_pref("plugin.state.npwebplayervideopluginatl", 0);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [31235 octets] - [10/12/2013 02:24:29]
AdwCleaner[R1].txt - [31834 octets] - [11/12/2013 02:27:06]
AdwCleaner[S0].txt - [32410 octets] - [11/12/2013 02:29:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32471 octets] ##########







For the OTL logs I wasn't sure if you wanted the custom scans again so I went and adding them anyways:



OTL logfile created on: 12/11/2013 2:55:08 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 70.71% Memory free
6.07 Gb Paging File | 5.22 Gb Available in Paging File | 86.01% Paging File free
Paging file location(s): C:\pagefile.sys 3820 7640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 62.40 Gb Free Space | 35.00% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.43 Gb Free Space | 17.82% Space Free | Partition Type: FAT32

Computer Name: BAM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BellSouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
PRC - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\frext-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Services (SafeList) ==========

SRV - (yhfixnoho) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (kfkya) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (awkxzbde) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BitMeterCaptureService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
SRV - (BitMeterWebService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (XDva405) -- C:\WINDOWS\system32\XDva405.sys File not found
DRV - (XDva402) -- C:\WINDOWS\system32\XDva402.sys File not found
DRV - (XDva401) -- C:\WINDOWS\system32\XDva401.sys File not found
DRV - (XDva399) -- C:\WINDOWS\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\WINDOWS\system32\XDva398.sys File not found
DRV - (XDva351) -- C:\WINDOWS\system32\XDva351.sys File not found
DRV - (XDva288) -- C:\WINDOWS\system32\XDva288.sys File not found
DRV - (XDva279) -- C:\WINDOWS\system32\XDva279.sys File not found
DRV - (XDva275) -- C:\WINDOWS\system32\XDva275.sys File not found
DRV - (XDva190) -- C:\WINDOWS\system32\XDva190.sys File not found
DRV - (XDva164) -- C:\WINDOWS\system32\XDva164.sys File not found
DRV - (XDva090) -- C:\WINDOWS\system32\XDva090.sys File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (a5wutgbo) -- File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (m4301a) -- C:\WINDOWS\system32\drivers\m4301A.sys (ALinx Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (dsreader) -- C:\WINDOWS\system32\drivers\dsreader.sys (Thesycon GmbH, Germany)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{07CDF6CF-81A3-473E-A44B-C85FE997E245}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{546216CA-FCE2-4483-8CD9-D99C3AB0319E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forecast.weat... AL 36869, USA"
FF - prefs.js..extensions.enabledAddons: exportcookies%40aag:1.2
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B600452e8-6851-46db-80fd-fa571b2deaa7%7D:0.7
FF - prefs.js..extensions.enabledAddons: bossknb%40ttt-jl.blogspot.com:3.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.38
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7BFF2FA6A4-B3B1-11DD-B910-6C9A55D89593%7D:0.51
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 16:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/04/07 20:12:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/25 15:41:54 | 000,000,000 | ---D | M]

[2008/06/20 23:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2013/12/05 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions
[2013/08/27 13:29:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/20 14:03:16 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2013/05/21 02:12:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/02/02 05:57:04 | 000,011,503 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/11/01 20:12:19 | 000,002,060 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/10/03 23:05:51 | 000,026,163 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/10/27 02:18:47 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/09/11 05:48:36 | 000,222,585 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2013/04/13 19:36:40 | 000,307,011 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2011/10/14 10:54:06 | 000,012,128 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi
[2013/12/05 02:05:03 | 000,535,138 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/24 12:11:13 | 000,005,490 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2013/10/09 23:05:55 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 04:15:44 | 000,714,654 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/10/01 06:02:25 | 000,282,570 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/05/28 15:04:37 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 16:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/15 16:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 16:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/07 09:18:02 | 000,000,741 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-)Please wait scanning download directoriesCHINE - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [] File not found
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4F10B1A-FB37-460E-AE80-48CD901D475C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9674092-538B-4B3A-98C7-144EF052819F}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/28 09:57:44 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22}\Shell\AutoRun\command - "" = M:\setupSNK.exe
O33 - MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: kfkya - C:\WINDOWS\system32\cwlfb.dll File not found
NetSvcs: awkxzbde - C:\WINDOWS\system32\cwlfb.dll File not found
NetSvcs: yhfixnoho - C:\WINDOWS\system32\cwlfb.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 02:23:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/06 23:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\tdsskiller
[2013/12/06 23:31:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:58 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
[2013/12/05 01:54:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2013/11/29 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Python 2.2
[2013/11/29 17:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MultiBit
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.5.15
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiBit
[2013/11/15 16:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/09/24 20:01:22 | 000,014,336 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWnd.exe
[2006/09/24 20:01:18 | 000,041,472 | ---- | C] (Valhalla Legends) -- C:\Program Files\Standard.dxw
[2006/09/24 20:01:16 | 000,012,288 | ---- | C] (Valhalla Legends) -- C:\Program Files\IpBind.dxw
[2006/09/24 20:01:14 | 000,041,984 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWndSrv.dll
[2004/02/10 22:59:12 | 000,026,624 | ---- | C] (Valhalla Legends) -- C:\Program Files\ScWnd.hdl
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/11 02:37:19 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/12/11 02:32:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/11 02:31:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/11 02:31:48 | 2675,298,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 02:26:04 | 001,226,802 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
[2013/12/11 02:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/10 06:56:57 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/10 02:12:39 | 000,840,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
[2013/12/07 06:49:48 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ExplorerXP.INI
[2013/12/06 23:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:55 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:33:38 | 003,580,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/05 14:41:04 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/05 01:21:47 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/03 14:55:51 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/29 17:06:59 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:05:42 | 009,265,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/11/26 01:16:21 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/11/26 01:16:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/11 02:26:01 | 001,226,802 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
[2013/12/10 02:12:45 | 000,840,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
[2013/12/06 21:33:28 | 003,580,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/01 15:16:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 15:16:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 17:06:59 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:04:03 | 009,265,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/09/10 23:42:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2013/05/17 02:12:18 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2013/04/14 05:15:47 | 000,205,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/07 16:23:58 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
[2008/11/11 22:57:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\~gep2~
[2007/10/22 16:48:52 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 04:59:10 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/24 20:01:20 | 000,007,168 | ---- | C] () -- C:\Program Files\Starcraft.dxw

========== ZeroAccess Check ==========

[2005/01/28 04:37:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 18:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/10/21 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2013/12/11 02:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitMeterOS
[2009/11/11 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/11 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2013/05/28 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/10/24 01:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/03/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/08/06 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/21 20:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009/04/04 22:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/23 23:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 01:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:09 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/10 13:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/10 07:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004/08/10 07:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.JSM >
[2012/03/10 18:30:24 | 000,006,317 | ---- | M] () MD5=C698274FE1590498B56DEDB947AEFF16 -- C:\Program Files\TuneUpMedia\xre\modules\Services.jsm

< MD5 for: SERVICES.LNK >
[2009/06/28 05:17:51 | 000,001,613 | ---- | M] () MD5=F0DEEED3DA9606C46F39E6602500DADF -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/10 07:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/10 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >
  • 0

#8
Valinorum
Posted 12 December 2013 - 05:00 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi SunnySeven, :)

  • Step #4 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O2 - BHO: (no name) - {3049C3E9-B461-)Please wait scanning download directoriesCHINE - No CLSID value found.
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found
    O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [] File not found
    O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O15 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22}\Shell\AutoRun\command - "" = M:\setupSNK.exe
    O33 - MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22}\Shell\AutoRun\command - "" = L:\setupSNK.exe
    @Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

    :Files
    C:\Program Files\Pando Networks

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #5 Scan with RogueKillerDownload link for 64 bit system
  • Let the pre-scan finish. After that click on Scan;
  • The scan won't take long;
  • A log has been created on your Desktop;
  • Copy and paste the content of the log in your next reply.

 

How is your system running?

  • Required Log(s):
  • OTL Fix Log;
  • RogueKiller Report

Regards,
Valinorum
  • 0

#9
SunnySeven
Posted 12 December 2013 - 06:25 AM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Welp, my system seems to be running the same, don't see any changes yet. Only way to test it if I go idle for a bit. So I'm gunna run a full Malwarebytes scan and see if anything comes up from Avira and maybe a full Avira scan too.


Here's the OTL logs:


OTL logfile created on: 12/12/2013 6:49:05 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 72.98% Memory free
6.07 Gb Paging File | 5.50 Gb Available in Paging File | 90.68% Paging File free
Paging file location(s): C:\pagefile.sys 3820 7640 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 62.65 Gb Free Space | 35.14% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.43 Gb Free Space | 17.82% Space Free | Partition Type: FAT32

Computer Name: BAM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
PRC - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BellSouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
PRC - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
MOD - C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll ()
MOD - C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\frext-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll ()
MOD - C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Services (SafeList) ==========

SRV - (yhfixnoho) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (kfkya) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (awkxzbde) -- C:\WINDOWS\system32\cwlfb.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BitMeterCaptureService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe ()
SRV - (BitMeterWebService) -- C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (XDva405) -- C:\WINDOWS\system32\XDva405.sys File not found
DRV - (XDva402) -- C:\WINDOWS\system32\XDva402.sys File not found
DRV - (XDva401) -- C:\WINDOWS\system32\XDva401.sys File not found
DRV - (XDva399) -- C:\WINDOWS\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\WINDOWS\system32\XDva398.sys File not found
DRV - (XDva351) -- C:\WINDOWS\system32\XDva351.sys File not found
DRV - (XDva288) -- C:\WINDOWS\system32\XDva288.sys File not found
DRV - (XDva279) -- C:\WINDOWS\system32\XDva279.sys File not found
DRV - (XDva275) -- C:\WINDOWS\system32\XDva275.sys File not found
DRV - (XDva190) -- C:\WINDOWS\system32\XDva190.sys File not found
DRV - (XDva164) -- C:\WINDOWS\system32\XDva164.sys File not found
DRV - (XDva090) -- C:\WINDOWS\system32\XDva090.sys File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (a22l6ahq) -- File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (fasttx2k) -- C:\WINDOWS\system32\drivers\Fasttx2k.sys (Promise Technology, Inc.)
DRV - (m4301a) -- C:\WINDOWS\system32\drivers\m4301A.sys (ALinx Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (USBIO) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (dsreader) -- C:\WINDOWS\system32\drivers\dsreader.sys (Thesycon GmbH, Germany)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{07CDF6CF-81A3-473E-A44B-C85FE997E245}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\SearchScopes\{546216CA-FCE2-4483-8CD9-D99C3AB0319E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://forecast.weat... AL 36869, USA"
FF - prefs.js..extensions.enabledAddons: exportcookies%40aag:1.2
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B600452e8-6851-46db-80fd-fa571b2deaa7%7D:0.7
FF - prefs.js..extensions.enabledAddons: bossknb%40ttt-jl.blogspot.com:3.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.38
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7BFF2FA6A4-B3B1-11DD-B910-6C9A55D89593%7D:0.51
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 16:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/15 16:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/04/07 20:12:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/25 15:41:54 | 000,000,000 | ---D | M]

[2008/06/20 23:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2013/12/05 02:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions
[2013/08/27 13:29:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/10/20 14:03:16 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2013/05/21 02:12:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/02/02 05:57:04 | 000,011,503 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/11/01 20:12:19 | 000,002,060 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/10/03 23:05:51 | 000,026,163 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2012/10/27 02:18:47 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\[email protected]
[2013/09/11 05:48:36 | 000,222,585 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2013/04/13 19:36:40 | 000,307,011 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2011/10/14 10:54:06 | 000,012,128 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi
[2013/12/05 02:05:03 | 000,535,138 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/24 12:11:13 | 000,005,490 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2013/10/09 23:05:55 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 04:15:44 | 000,714,654 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/10/01 06:02:25 | 000,282,570 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/05/28 15:04:37 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 16:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/15 16:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/11/15 16:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 16:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/07 09:18:02 | 000,000,741 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3049C3E9-B461-)Please wait scanning download directoriesCHINE - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [] File not found
O4 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2436671033-2409518306-1194941226-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4F10B1A-FB37-460E-AE80-48CD901D475C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9674092-538B-4B3A-98C7-144EF052819F}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/28 09:57:44 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22}\Shell\AutoRun\command - "" = M:\setupSNK.exe
O33 - MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/12 06:33:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/10 02:23:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/06 23:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\tdsskiller
[2013/12/06 23:31:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:58 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
[2013/12/05 01:54:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2013/11/29 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Python 2.2
[2013/11/29 17:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MultiBit
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.5.15
[2013/11/29 17:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MultiBit
[2013/11/15 16:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/09/24 20:01:22 | 000,014,336 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWnd.exe
[2006/09/24 20:01:18 | 000,041,472 | ---- | C] (Valhalla Legends) -- C:\Program Files\Standard.dxw
[2006/09/24 20:01:16 | 000,012,288 | ---- | C] (Valhalla Legends) -- C:\Program Files\IpBind.dxw
[2006/09/24 20:01:14 | 000,041,984 | ---- | C] (Valhalla Legends) -- C:\Program Files\DxWndSrv.dll
[2004/02/10 22:59:12 | 000,026,624 | ---- | C] (Valhalla Legends) -- C:\Program Files\ScWnd.hdl
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/12 06:45:15 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/12/12 06:41:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 06:40:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/12 06:40:25 | 2675,298,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/12 06:21:52 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/11 02:26:04 | 001,226,802 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
[2013/12/10 06:56:57 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/10 02:12:39 | 000,840,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
[2013/12/07 06:49:48 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ExplorerXP.INI
[2013/12/06 23:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2013/12/06 23:22:55 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
[2013/12/06 21:33:38 | 003,580,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/05 14:41:04 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/05 01:21:47 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/03 14:55:51 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/29 17:06:59 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:05:42 | 009,265,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/11/26 01:16:21 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/11/26 01:16:21 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/11 02:26:01 | 001,226,802 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
[2013/12/10 02:12:45 | 000,840,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
[2013/12/06 21:33:28 | 003,580,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
[2013/12/01 15:16:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 15:16:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 17:06:59 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
[2013/11/29 17:04:03 | 009,265,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
[2013/09/10 23:42:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2013/05/17 02:12:18 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2013/04/14 05:15:47 | 000,205,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/07 16:23:58 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
[2008/11/11 22:57:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\~gep2~
[2007/10/22 16:48:52 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/21 04:59:10 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/24 20:01:20 | 000,007,168 | ---- | C] () -- C:\Program Files\Starcraft.dxw

========== ZeroAccess Check ==========

[2005/01/28 04:37:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 18:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/10/21 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2013/12/12 06:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitMeterOS
[2009/11/11 12:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/11 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2013/05/28 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/10/24 01:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/03/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/08/06 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/21 20:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009/04/04 22:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/23 23:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 13:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/12 01:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/04/28 09:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute
[2005/04/28 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >





And here's the RogueKiller logs:



RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 12/12/2013 06:47:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[41] : NtCreateKey @ 0x8061A330 -> HOOKED (Unknown @ 0xBAF31CFE)
[Address] SSDT[50] : NtCreateSection @ 0x805A076C -> HOOKED (Unknown @ 0xBAF31D4E)
[Address] SSDT[53] : NtCreateThread @ 0x805C7294 -> HOOKED (Unknown @ 0xBAF31CF4)
[Address] SSDT[63] : NtDeleteKey @ 0x8061A7C0 -> HOOKED (Unknown @ 0xBAF31D03)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061A990 -> HOOKED (Unknown @ 0xBAF31D0D)
[Address] SSDT[98] : NtLoadKey @ 0x8061C52C -> HOOKED (Unknown @ 0xBAF31D12)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1322 -> HOOKED (Unknown @ 0xBAF31CE0)
[Address] SSDT[128] : NtOpenThread @ 0x805C15AE -> HOOKED (Unknown @ 0xBAF31CE5)
[Address] SSDT[193] : NtReplaceKey @ 0x8061C3DC -> HOOKED (Unknown @ 0xBAF31D1C)
[Address] SSDT[204] : NtRestoreKey @ 0x8061BCE8 -> HOOKED (Unknown @ 0xBAF31D17)
[Address] SSDT[247] : NtSetValueKey @ 0x806188B6 -> HOOKED (Unknown @ 0xBAF31D08)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3200822AS +++++
--- User ---
[MBR] b7ed535f510e2322b581a5a9a100d7fd
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 182576 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12122013_064716.txt >>
  • 0

#10
Valinorum
Posted 12 December 2013 - 06:40 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
I need the OTL Fix Log. It is located in C:\_OTL\Moved Files\logname.log. Please post that as well. Are you facing any issue?
  • 0

Advertisements

#11
SunnySeven
Posted 12 December 2013 - 02:58 PM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Avria still keeps saying TR/Cytpt.XPACK.Gen8 is showing up. MalwareBytes never seems to find anything, I think do to Avria keeps getting rid of it before MalwareBytes finds anything. TR/Cytpt.XPACK.Gen8 seems to come up every hour or so of idle time and also 2 during a MalwareBytes scan. Other than that though I haven't seen any PUP.Optional in awhile now.


I think this is the fix logs:


All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-)Please wait scanning download directoriesCHINE\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-)Please wait scanning download directoriesCHINE\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_USERS\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry delete failed. HKEY_USERS\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry delete failed. HKEY_USERS\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_USERS\S-1-5-21-2436671033-2409518306-1194941226-1008\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Program Files\DAEMON Tools Lite\DTLite.exe scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\WINDOWS\Downloaded Program Files\erma.inf scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry delete failed. HKEY_USERS\S-1-5-21-2436671033-2409518306-1194941226-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
D:\AUTOEXEC.BAT moved successfully.
D:\Autorun.inf moved successfully.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{489d45bb-311d-11e1-94d1-000f66ef5b22}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489d45bb-311d-11e1-94d1-000f66ef5b22}\ not found.
File M:\setupSNK.exe not found.
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6916568-31c7-11e1-94d2-000f66ef5b22}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6916568-31c7-11e1-94d2-000f66ef5b22}\ not found.
File L:\setupSNK.exe not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF .
========== FILES ==========
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Folder move failed. C:\Program Files\Pando Networks scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temp folder emptied: 18090 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temp folder emptied: 18090 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator

User: LocalService
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temp folder emptied: 65984 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 12937133 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->FireFox cache emptied: 3781175 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 1244766155 bytes

%systemdrive% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
%systemroot% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Windows Temp folder emptied: 105757907 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,304.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12122013_063309
  • 0

#12
Valinorum
Posted 14 December 2013 - 08:10 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article.
After that redo Step# 4 and post only the OTL Fix Log. Re-enable your anti-virus after that.
  • 0

#13
SunnySeven
Posted 14 December 2013 - 01:34 PM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hello, I'm still getting the exact same logs even with my antivirus turned off. When OTL finishes and saids, "click ok to reboot", it doesn't reboot automatically. Should I just go ahead and uninstall Avria? Or maybe kill all avira realated processes?

Edited by SunnySeven, 14 December 2013 - 02:34 PM.

  • 0

#14
Valinorum
Posted 14 December 2013 - 10:44 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi SunnySeven, :)

Let's take a different approach.

  • Step #6 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
    • FRST.txt;
    • Addition.txt
  • Copy and Paste the contents of the logs in your next reply.

 

  • Required Log(s):
  • Farbar Recovery Scan Tool Log(s) --
  • FRST.txt;
  • Addition.txt
[/list]
Regards,
Valinorum
  • 0

#15
SunnySeven
Posted 15 December 2013 - 01:51 AM

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hey, so when I tried to run Farbar Recovery Scan Tool as administrator I got an error saying, "Unable to open script file", so I had to open it the normal way.

Here's the FRST logs:



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2013 01
Ran by HP_Administrator (administrator) on BAM on 15-12-2013 02:41:50
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
() C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Motive Communications, Inc.) C:\Program Files\BellSouthWCC\McciTrayApp.exe
(BellSouth) C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
(SupportSoft, Inc.) C:\Program Files\BellSouth\HelpCenter40b\bin\sprtcmd.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
(WinZip Computing LP) C:\Program Files\WinZip\WZQKPICK.EXE
(Hewlett-Packard Company) C:\hp\KBD\KBD.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\Hdaudpropshortcut.exe [61952 2004-03-18] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [245760 2005-02-26] (Hewlett-Packard Company)
HKLM\...\Run: [LSBWatcher] - C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [BellSouthWCC_McciTrayApp] - C:\Program Files\BellSouthWCC\McciTrayApp.exe [543232 2005-11-17] (Motive Communications, Inc.)
HKLM\...\Run: [BellSouthAlertManager.exe] - C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe [2061816 2007-01-28] (BellSouth)
HKLM\...\Run: [HelpCenter4.1] - C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
HKLM\...\Run: [HPHmon06] - C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM\...\Run: [fssui] - C:\Program Files\Windows Live\Family Safety\fsui.exe [647528 2010-04-28] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-09-13] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\imekrmig.exe [44032 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2004-08-03] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-26] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
MountPoints2: {489d45bb-311d-11e1-94d1-000f66ef5b22} - M:\setupSNK.exe
MountPoints2: {a6916568-31c7-11e1-94d2-000f66ef5b22} - L:\setupSNK.exe
IFEO\taskmgr.exe: [Debugger] "C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {07CDF6CF-81A3-473E-A44B-C85FE997E245} URL = http://search.yahoo....p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKLM - Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopet...v/GoPetsWeb.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://forecast.weather.gov/MapClick.php?lat=32.41745100000001&lon=-85.04413039999997&site=all&smap=1&searchresult=Phenix%20City%2C%20AL%2036869%2C%20USA
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nexon.net/NxGame - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.448 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veoh.com/VeohPlayer - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF Plugin: @veoh.com/VeohTVPlugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll No File
FF Plugin: @veoh.com/VeohWebPlayer - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKCU: @real.com/RhapsodyPlayerEngine - C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll No File
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Xmarks - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\[email protected]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\staged
FF Extension: DownloadHelper - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Bazzacuda Image Saver Plus - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF Extension: bossknb - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\[email protected]
FF Extension: exportcookies - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\[email protected]
FF Extension: olddefaultimagestyle - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\[email protected]
FF Extension: translator - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\[email protected]
FF Extension: aniweatherdefault - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
FF Extension: textlink - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
FF Extension: pref - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi
FF Extension: noscript - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: dta - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: greasemonkey - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\91b5e42t.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - c:\program files\real\realplayer\browserrecord\firefox\ext
FF Extension: RealPlayer Browser Record Plugin - c:\program files\real\realplayer\browserrecord\firefox\ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
FF Extension: Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BitMeterCaptureService; C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe [85435 2011-11-19] ()
R2 BitMeterWebService; C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe [141466 2011-11-19] ()
S4 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-03-17] ()
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
S3 usprserv; C:\Windows\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S2 awkxzbde; C:\WINDOWS\system32\cwlfb.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S2 kfkya; C:\WINDOWS\system32\cwlfb.dll [x]
S2 yhfixnoho; C:\WINDOWS\system32\cwlfb.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 dsreader; C:\Windows\System32\Drivers\dsreader.sys [19677 2001-01-02] (Thesycon GmbH, Germany)
R0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [29184 2006-05-30] (http://libusb-win32.sourceforge.net)
R3 m4301a; C:\Windows\System32\DRIVERS\m4301A.sys [83552 2003-08-05] (ALinx Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2004-11-22] (Motive, Inc.)
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.)
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPPTNT2; C:\WINDOWS\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 PcdrNdisuio; C:\Windows\System32\DRIVERS\pcdrndisuio.sys [12416 2005-01-19] (Windows ® 2000 DDK provider)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [71168 2004-10-15] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-11-11] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
U3 aiv5yitt; C:\Windows\System32\Drivers\aiv5yitt.sys [0 ] (Microsoft Corporation)
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
S2 npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S3 XDva090; \??\C:\WINDOWS\system32\XDva090.sys [x]
S3 XDva164; \??\C:\WINDOWS\system32\XDva164.sys [x]
S3 XDva190; \??\C:\WINDOWS\system32\XDva190.sys [x]
S3 XDva275; \??\C:\WINDOWS\system32\XDva275.sys [x]
S3 XDva279; \??\C:\WINDOWS\system32\XDva279.sys [x]
S3 XDva288; \??\C:\WINDOWS\system32\XDva288.sys [x]
S3 XDva351; \??\C:\WINDOWS\system32\XDva351.sys [x]
S3 XDva398; \??\C:\WINDOWS\system32\XDva398.sys [x]
S3 XDva399; \??\C:\WINDOWS\system32\XDva399.sys [x]
S3 XDva401; \??\C:\WINDOWS\system32\XDva401.sys [x]
S3 XDva402; \??\C:\WINDOWS\system32\XDva402.sys [x]
S3 XDva405; \??\C:\WINDOWS\system32\XDva405.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\Windows\System32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\Windows\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\Windows\System32\drivers\afd.sys 7E775010EF291DA96AD17CA4B17137D7
C:\Windows\System32\DRIVERS\AGRSM.sys 593AEFC67283D409F34CC1245D00A509
C:\Windows\System32\DRIVERS\arp1394.sys B5B8A80875C1DEDEDA8B02765642C32F
C:\Windows\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\Windows\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\Windows\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\Windows\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\Windows\System32\DRIVERS\avgntflt.sys 6B4362EDB2EB956DF594D9168D179972
C:\Windows\System32\DRIVERS\avipbb.sys C0F13672DEA7BDB40A89414AB0411705
C:\Windows\System32\DRIVERS\avkmgr.sys D8C712305F73CD34D1B344810E522728
C:\Windows\System32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\Windows\System32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\Windows\System32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\Windows\System32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\Windows\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\Windows\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\Windows\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\Windows\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\Windows\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\Windows\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\Windows\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\Windows\System32\Drivers\dsreader.sys 05A74D2BE6F493C65D7221D1D0E8A23C
C:\Windows\System32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\Windows\System32\DRIVERS\fasttx2k.sys 1E580770BDECE924494B368AC980749E
C:\Windows\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\Windows\System32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\Windows\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\Windows\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\Windows\System32\DRIVERS\fssfltr_tdi.sys E0087225B137E57239FF40F8AE82059B
C:\Windows\System32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\Windows\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\System32\giveio.sys 77EBF3E9386DAA51551AF429052D88D0
C:\Windows\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\Windows\System32\drivers\HdAudio.sys 160B24FD894E79E71C983EA403A6E6E7
C:\Windows\System32\DRIVERS\HDAudBus.sys 573C7D0A32852B48F3058CFD8026F511
C:\Windows\System32\Drivers\HTTP.sys F6AACF5BCE2893E0C1754AFEB672E5C9
C:\Windows\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\Windows\System32\DRIVERS\ialmnt5.sys 7C7560001937DD47FE933DE2181227F2
C:\Windows\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\Windows\System32\drivers\RtkHDAud.sys 44792CCBC7B41B42EC068C6416D17DE1
C:\Windows\System32\DRIVERS\intelide.sys B5466A9250342A7AA0CD1FBA13420678
C:\Windows\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B
C:\Windows\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\Windows\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\Windows\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\Windows\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\Windows\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\Windows\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\Windows\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\Windows\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\Windows\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\Windows\System32\Drivers\KSecDD.sys 1705745D900DABF2D89F90EBADDC7517
C:\Windows\System32\DRIVERS\libusb0.sys D1598203B19B4922531A8BD6811547F7
C:\Windows\System32\DRIVERS\m4301A.sys 763A50CE71F03DF16FE3C74A9531F85F
C:\Windows\System32\DRIVERS\mhndrv.sys 7F2F1D2815A6449D346FCCCBC569FBD6
C:\Windows\System32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\Windows\System32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\Windows\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\Windows\System32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\Program Files\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923
C:\Program Files\Common Files\Motive\MREMPR5.sys 2BC9E43F55DE8C30FC817ED56D0EE907
C:\Program Files\Common Files\Motive\MRENDIS5.sys 594B9D8194E3F4ECBF0325BD10BBEB05
C:\Program Files\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E
C:\Windows\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\Windows\System32\DRIVERS\mrxsmb.sys 60AE98742484E7AB80C3C1450E708148
C:\Windows\System32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\Windows\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\Windows\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\Windows\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\Windows\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\Windows\System32\Drivers\Mup.sys 2F625D11385B1A94360BFC70AAEFDEE1
C:\Windows\System32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\Windows\System32\DRIVERS\ndistapi.sys 1AB3D00C991AB086E69DB84B6C0ED78F
C:\Windows\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\Windows\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\Windows\System32\Drivers\NDProxy.sys 6215023940CFD3702B46ABC304E1D45A
C:\Windows\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\Windows\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\Windows\System32\DRIVERS\nic1394.sys E9E47CFB2D461FA0FC75B7A74C6383EA
C:\Windows\System32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\npptNT2.sys 9131FE60ADFAB595C8DA53AD6A06AA31
C:\Windows\System32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\Windows\System32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\Windows\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\Windows\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\Windows\System32\DRIVERS\ohci1394.sys CA33832DF41AFB202EE7AEB05145922F
C:\Windows\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\Windows\System32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\Windows\System32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\Windows\System32\DRIVERS\pcdrndisuio.sys 505CBA425DF3BB230F244E1C23221058
C:\Windows\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\Windows\system32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\Windows\System32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\Windows\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\Windows\System32\DRIVERS\PS2.sys BFFDB363485501A38F0BCA83AEC810DB
C:\Windows\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\Windows\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8E
C:\Windows\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\Windows\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\Windows\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\Windows\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\Windows\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\Windows\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\Windows\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\Windows\System32\Drivers\RDPWD.sys 6728E45B66F93C08F11DE2E316FC70DD
C:\Windows\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\Windows\System32\DRIVERS\Rtlnicxp.sys 1A2A445E8968B2019E75E08F3A1344FC
C:\Windows\System32\DRIVERS\RTL8139.SYS D507C1400284176573224903819FFDA3
C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\Windows\System32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\Windows\System32\speedfan.sys 3FA2E254BFBCE52B3C6F1BF23AAB6911
C:\Windows\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\Windows\System32\DRIVERS\srv.sys 3BB03F2BA89D2BE417206C373D2AF17C
C:\Windows\System32\DRIVERS\ssmdrv.sys A36EE93698802CD899F98BFD553D8185
C:\Windows\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\Windows\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\Windows\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\Windows\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\Windows\System32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\Windows\System32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\Windows\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\Windows\System32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\Windows\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\Windows\System32\DRIVERS\usbccgp.sys 173F317CE0DB8E21322E71B7E60A27E8
C:\Windows\System32\DRIVERS\usbehci.sys 65DCF09D0E37D4C6B11B5B0B76D470A7
C:\Windows\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\Windows\System32\Drivers\usbio.sys F90D8F845095FCD6924E3D751C04E442
C:\Windows\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\Windows\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\Windows\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\Windows\system32\DRIVERS\viaide.sys 3B3EFCDA263B8AC14FDF9CBDD0791B2E
C:\Windows\System32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\Windows\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\Windows\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\Windows\System32\Drivers\wpdusb.sys D87EA9F191DF6731818FFD93659BADF4
C:\Windows\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\Windows\System32\Drivers\aiv5yitt.sys

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
NETSVC: kfkya -> C:\WINDOWS\system32\cwlfb.dll ==> No File.
NETSVC: awkxzbde -> C:\WINDOWS\system32\cwlfb.dll ==> No File.
NETSVC: yhfixnoho -> C:\WINDOWS\system32\cwlfb.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-12-15 02:41 - 2013-12-15 02:42 - 00035341 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2013-12-15 02:36 - 2013-12-15 02:36 - 00000000 ____D C:\FRST
2013-12-15 02:31 - 2013-12-15 02:33 - 01060897 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2013-12-12 16:16 - 2013-12-12 16:16 - 00000044 _____ C:\Documents and Settings\HP_Administrator\My Documents\Good Names.txt
2013-12-12 06:55 - 2013-12-12 06:55 - 00089918 _____ C:\Documents and Settings\HP_Administrator\My Documents\OTL.Txt
2013-12-12 06:47 - 2013-12-12 06:47 - 00002314 _____ C:\Documents and Settings\HP_Administrator\Desktop\RKreport[0]_S_12122013_064716.txt
2013-12-12 06:33 - 2013-12-12 06:33 - 00000000 ____D C:\_OTL
2013-12-12 05:58 - 2013-12-12 05:58 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-12-11 06:38 - 2013-12-11 06:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 06:38 - 2013-12-11 06:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-11 06:37 - 2013-12-13 01:39 - 00011661 _____ C:\WINDOWS\setupapi.log
2013-12-11 02:26 - 2013-12-11 02:26 - 01226802 _____ C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
2013-12-10 02:23 - 2013-12-11 02:29 - 00000000 ____D C:\AdwCleaner
2013-12-10 02:12 - 2013-12-10 02:12 - 00840264 _____ C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
2013-12-08 00:05 - 2013-12-08 00:05 - 00070646 _____ C:\Documents and Settings\HP_Administrator\My Documents\Extras.Txt
2013-12-07 23:56 - 2013-12-07 23:56 - 00000156 _____ C:\Documents and Settings\HP_Administrator\My Documents\help.txt
2013-12-06 23:36 - 2013-12-06 23:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\tdsskiller
2013-12-06 23:31 - 2013-12-06 23:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
2013-12-06 23:22 - 2013-12-06 23:22 - 00398752 _____ (Bleeping Computer, LLC) C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
2013-12-06 21:34 - 2013-12-06 21:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
2013-12-06 21:33 - 2013-12-06 21:33 - 03580416 _____ C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
2013-12-05 23:14 - 2013-12-05 23:14 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-12-05 08:03 - 2013-12-14 18:27 - 00016976 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-01 15:16 - 2013-12-15 02:21 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 15:16 - 2013-12-14 21:13 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 22:41 - 2013-11-29 22:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Python 2.2
2013-11-29 17:07 - 2013-11-29 20:50 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\MultiBit
2013-11-29 17:06 - 2013-11-29 17:07 - 00000000 ____D C:\Program Files\MultiBit-0.5.15
2013-11-29 17:06 - 2013-11-29 17:06 - 00001451 _____ C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
2013-11-29 17:06 - 2013-11-29 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MultiBit
2013-11-29 17:04 - 2013-11-29 17:05 - 09265368 _____ C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
2013-11-15 16:08 - 2013-12-12 03:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 13:13 - 2013-11-15 13:13 - 00048217 _____ C:\Documents and Settings\HP_Administrator\My Documents\BAM.txt

==================== One Month Modified Files and Folders =======

2013-12-15 02:42 - 2013-12-15 02:41 - 00035341 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2013-12-15 02:42 - 2013-09-16 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BitMeterOS
2013-12-15 02:36 - 2013-12-15 02:36 - 00000000 ____D C:\FRST
2013-12-15 02:33 - 2013-12-15 02:31 - 01060897 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2013-12-15 02:21 - 2013-12-01 15:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 21:15 - 2007-10-21 04:52 - 00000189 _____ C:\WINDOWS\system\hpsysdrv.DAT
2013-12-14 21:14 - 2005-01-27 21:16 - 00000000 ____D C:\WINDOWS\Registration
2013-12-14 21:13 - 2013-12-01 15:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 20:55 - 2005-01-28 04:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-14 18:27 - 2013-12-05 08:03 - 00016976 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-14 18:27 - 2007-10-21 04:59 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2013-12-14 18:27 - 2007-10-21 04:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator
2013-12-14 18:27 - 2005-01-28 04:55 - 00032606 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-13 03:18 - 2005-01-27 16:38 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-12-13 01:39 - 2013-12-11 06:37 - 00011661 _____ C:\WINDOWS\setupapi.log
2013-12-12 16:16 - 2013-12-12 16:16 - 00000044 _____ C:\Documents and Settings\HP_Administrator\My Documents\Good Names.txt
2013-12-12 06:55 - 2013-12-12 06:55 - 00089918 _____ C:\Documents and Settings\HP_Administrator\My Documents\OTL.Txt
2013-12-12 06:47 - 2013-12-12 06:47 - 00002314 _____ C:\Documents and Settings\HP_Administrator\Desktop\RKreport[0]_S_12122013_064716.txt
2013-12-12 06:33 - 2013-12-12 06:33 - 00000000 ____D C:\_OTL
2013-12-12 05:58 - 2013-12-12 05:58 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-12-12 03:35 - 2013-11-15 16:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 06:38 - 2013-12-11 06:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 06:38 - 2013-12-11 06:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-11 03:12 - 2013-08-15 01:50 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\source
2013-12-11 02:29 - 2013-12-10 02:23 - 00000000 ____D C:\AdwCleaner
2013-12-11 02:26 - 2013-12-11 02:26 - 01226802 _____ C:\Documents and Settings\HP_Administrator\My Documents\adwcleaner.exe
2013-12-10 07:39 - 2012-05-31 02:37 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\vlc
2013-12-10 06:56 - 2007-10-22 16:48 - 00144896 _____ C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-10 02:13 - 2010-08-11 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ãŠCƒAƒŠƒXŒ¶žÙ’c
2013-12-10 02:12 - 2013-12-10 02:12 - 00840264 _____ C:\Documents and Settings\HP_Administrator\My Documents\pbsvc.exe
2013-12-08 15:30 - 2013-01-02 00:50 - 00000000 ____D C:\Program Files\Granado Espada Online
2013-12-08 00:05 - 2013-12-08 00:05 - 00070646 _____ C:\Documents and Settings\HP_Administrator\My Documents\Extras.Txt
2013-12-07 23:56 - 2013-12-07 23:56 - 00000156 _____ C:\Documents and Settings\HP_Administrator\My Documents\help.txt
2013-12-07 18:55 - 2010-12-02 06:06 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-07 12:54 - 2007-10-23 02:13 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB901017$
2013-12-07 06:49 - 2011-01-20 08:53 - 00000026 _____ C:\WINDOWS\ExplorerXP.INI
2013-12-06 23:36 - 2013-12-06 23:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\tdsskiller
2013-12-06 23:31 - 2013-12-06 23:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
2013-12-06 23:22 - 2013-12-06 23:22 - 00398752 _____ (Bleeping Computer, LLC) C:\Documents and Settings\HP_Administrator\My Documents\unhide.exe
2013-12-06 21:40 - 2013-12-06 21:34 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
2013-12-06 21:33 - 2013-12-06 21:33 - 03580416 _____ C:\Documents and Settings\HP_Administrator\My Documents\RogueKiller.exe
2013-12-06 16:49 - 2008-09-10 23:32 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB938464_0$
2013-12-05 23:14 - 2013-12-05 23:14 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-12-05 23:14 - 2005-04-28 08:38 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-05 14:41 - 2012-12-17 23:11 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-05 02:05 - 2011-04-06 22:02 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
2013-12-05 02:05 - 2011-04-06 21:56 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
2013-12-05 02:04 - 2009-12-06 14:34 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\CCleaner saves
2013-12-05 01:54 - 2008-01-16 01:44 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-05 01:21 - 2010-12-27 01:28 - 00000693 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-05 01:21 - 2009-12-06 03:10 - 00000000 ____D C:\Program Files\CCleaner
2013-12-03 20:26 - 2007-10-22 14:06 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB898461$
2013-12-03 14:55 - 2013-01-07 11:51 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 14:55 - 2013-01-07 11:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-03 14:55 - 2013-01-07 11:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-29 22:41 - 2013-11-29 22:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Python 2.2
2013-11-29 22:41 - 2005-04-28 08:41 - 00000000 ____D C:\Python22
2013-11-29 20:50 - 2013-11-29 17:07 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\MultiBit
2013-11-29 17:07 - 2013-11-29 17:06 - 00000000 ____D C:\Program Files\MultiBit-0.5.15
2013-11-29 17:06 - 2013-11-29 17:06 - 00001451 _____ C:\Documents and Settings\All Users\Desktop\MultiBit 0.5.15.lnk
2013-11-29 17:06 - 2013-11-29 17:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MultiBit
2013-11-29 17:05 - 2013-11-29 17:04 - 09265368 _____ C:\Documents and Settings\HP_Administrator\My Documents\multibit-0.5.15-windows-setup.exe
2013-11-26 01:16 - 2012-12-17 23:11 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-11-26 01:16 - 2012-12-17 23:11 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-11-23 02:52 - 2009-04-24 13:28 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-20 18:41 - 2013-05-15 19:29 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-20 18:41 - 2013-05-15 19:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-20 18:35 - 2007-10-22 14:21 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
2013-11-17 22:52 - 2012-12-23 23:20 - 00000000 ____D C:\Program Files\JDownloader
2013-11-17 17:24 - 2011-08-14 14:43 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\TS3Client
2013-11-17 17:21 - 2011-08-14 13:49 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\TeamSpeak 3 Client
2013-11-16 13:57 - 2012-05-15 11:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:13 - 2013-11-15 13:13 - 00048217 _____ C:\Documents and Settings\HP_Administrator\My Documents\BAM.txt

Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tbSof0.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tbuTo2.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================





And here's the Addition logs:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2013 01
Ran by HP_Administrator at 2013-12-15 02:42:50
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

“Œ•û’n—ì“a ver 1.00a
7-Zip 9.20
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Agere Systems PCI Soft Modem
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.1.116)
ASIO4ALL
AT&T Toolbar
ATT-PRT22
Avira Free Antivirus (Version: 14.0.1.759)
BellSouth Application Management
BellSouth Internet Security - Alert Manager 1.5.11 (Version: 1.5.11)
BellSouth Wireless Connection Tool
BitMeter OS
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Bonjour (Version: 2.0.4.0)
Bounce Symphony from HP Media Center (remove only)
BufferChm (Version: 45.4.157.000)
CameraDrivers (Version: 4.5.0.211)
CCleaner (Version: 4.08)
Collab
Compatibility Pack for the 2007 Office system (Version: 12.0.6215.1000)
ConvertHelper 2.2
Copy (Version: 45.4.157.000)
COWON Media Center - jetAudio Basic VX (Version: 8.0.17)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000)
cp_dwSharkTaleCards1 (Version: 45.4.157.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
Crystal Maze from HP Media Center (remove only)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DivX Converter (Version: 6.6.1)
DivX Setup (Version: 2.1.2.2)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Dropbox (HKCU Version: 2.0.22)
Easy Internet Sign-up (Version: FE UI-3.2.0.1491)
ExplorerXP (remove only)
FastAccess® DSL Help Center 4.1 (Version: 4.1.19)
Fax (Version: 47.0.1.000)
Final Drive Nitro from HP Media Center (remove only)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Form Fill (Windows Live Toolbar) (Version: 03.01.0146)
Free FLV Converter V 6.93.0 (Version: 6.93.0.0)
Free WMA to MP3 Converter 1.16
GemMaster Mystic
GNU Aspell 0.50-3
Google Update Helper (Version: 1.3.22.3)
Granado Espada Online
GTK+ Runtime 2.12.8 rev a (remove only)
Help and Support Additions (Version: 3.0.5)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
HP Boot Optimizer (Version: 1.0.2)
HP Deskjet Printer Preload (Version: 10.1.0)
HP Help and Support 4.0 (Version: 4.00.0025)
HP Image Zone 4.8.6 (Version: 4.8.6)
HP Image Zone for Media Center PC (Version: 1.02.001)
HP Image Zone Plus 4.8.6 (Version: 4.8.6)
HP Photosmart Cameras 4.5 (Version: 4.5)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HP Tunes (Version: 2.0.0.0)
HPIZplus450 (Version: 48.2.6.0)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSystemDiagnostics (Version: 1.6.0.0)
IL Download Manager
InstantShare (Version: 45.4.157.000)
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.776)
iPictDB Windows Live Gallery Plugin (Version: 1.0.0)
IrfanView (remove only) (Version: 4.35)
iTunes (Version: 10.2.0.34)
Java™ 6 Update 37 (Version: 6.0.370)
JDownloader 0.9 (Version: 0.9)
JScreenFix deluxe
Junk Mail filter update (Version: 14.0.8117.416)
KBD
K-Lite Codec Pack 6.7.0 (Full) (Version: 6.7.0)
Learn2 Player (Uninstall Only)
Lexibox Deluxe from HP Media Center (remove only)
LG USB Drivers
LS_HSI (Version: 1.0.22.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Map Button (Windows Live Toolbar) (Version: 03.01.0146)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Calculator Plus (Version: 1.0.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Dancer LE (Version: 1.1.0.3522)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3500)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.50106.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.04.0623)
MobileMe Control Panel (Version: 3.0.0.101)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MultiBit 0.5.15 (Version: 0.5.15)
muvee autoProducer 4.0 (Version: 4.00.050)
muvee autoProducer unPlugged - HPD (Version: 1.0.000)
MyDefrag v4.3.1 (Version: 4.0.0.0)
Nexon Game Manager
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar) (Version: 03.01.0072)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Otto
Overball from HP Media Center (remove only)
PanoStandAlone (Version: 45.4.157.000)
PC-Doctor for Windows (Version: 1.06.005)
PDF Settings (Version: 1.0)
Phoenix Assault from HP Media Center (remove only)
PhotoGallery (Version: 45.4.157.000)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0146)
PrintScreen (Version: 43.1.5.000)
PS2
PSPrinters06 (Version: 1.00.0000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
QFolder (Version: 1.00.0000)
QuickPar 0.9 (Version: 0.9)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.69.80.9)
Readme (Version: 47.0.1.000)
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Rhapsody Player Engine (Version: 1.0.690)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
SD Formatter (Version: 2.9.5)
SDFormatter
Segoe UI (Version: 14.0.4327.805)
Shooting Stars Pool from HP Media Center (remove only)
SkinsHP1 (Version: 45.4.157.000)
Slyder from HP Media Center (remove only)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
SMPlayer 0.8.6.0 (Version: 0.8.6.0)
Sonic Encoders (Version: 1.00)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.0)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Speccy (Version: 1.23)
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0146)
TeamSpeak 3 Client (HKCU Version: 3.0.13.1)
Tradewinds from HP Media Center (remove only)
TrayApp (Version: 45.4.157.000)
TuneUp 2.4.6.4 (Version: 2.4.6.4)
Ultra Defragmenter (Version: 6.0.2)
Unload (Version: 4.5.0)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Ventrilo Client (Version: 3.0.4)
Veoh Web Player (Version: 1.1.2.0000)
VeohTV BETA (Version: 3.9.1)
VLC media player 2.0.1 (Version: 2.0.1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Driver Package - Sony PSP Type B (11/20/2005 20051120) (Version: 11/20/2005 20051120)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip (Version: 10.0 (6685))
Wisdom-soft ScreenHunter 5.0 Free

==================== Restore Points =========================

18-09-2013 20:29:37 System Checkpoint
20-09-2013 11:20:49 System Checkpoint
25-09-2013 03:19:31 System Checkpoint
26-09-2013 04:15:32 System Checkpoint
27-09-2013 20:51:08 System Checkpoint
28-09-2013 21:05:56 System Checkpoint
29-09-2013 21:45:44 System Checkpoint
30-09-2013 22:54:19 System Checkpoint
01-10-2013 23:01:09 System Checkpoint
02-10-2013 23:03:07 System Checkpoint
04-10-2013 00:13:54 System Checkpoint
05-10-2013 01:06:30 System Checkpoint
06-10-2013 02:39:58 System Checkpoint
07-10-2013 06:26:34 System Checkpoint
08-10-2013 19:42:44 System Checkpoint
09-10-2013 20:16:34 System Checkpoint
10-10-2013 21:24:34 System Checkpoint
11-10-2013 21:47:37 System Checkpoint
12-10-2013 22:39:12 System Checkpoint
14-10-2013 00:17:19 System Checkpoint
15-10-2013 02:50:47 System Checkpoint
16-10-2013 05:21:03 System Checkpoint
17-10-2013 05:49:24 System Checkpoint
18-10-2013 06:01:48 System Checkpoint
19-10-2013 06:30:22 System Checkpoint
20-10-2013 06:53:43 System Checkpoint
21-10-2013 19:35:20 System Checkpoint
22-10-2013 19:51:25 System Checkpoint
23-10-2013 20:16:02 System Checkpoint
24-10-2013 20:22:03 System Checkpoint
25-10-2013 20:40:44 System Checkpoint
26-10-2013 20:53:57 System Checkpoint
27-10-2013 21:30:01 System Checkpoint
28-10-2013 22:11:04 System Checkpoint
29-10-2013 22:40:48 System Checkpoint
30-10-2013 22:54:41 System Checkpoint
31-10-2013 22:58:48 System Checkpoint
01-11-2013 23:50:04 System Checkpoint
03-11-2013 01:31:33 System Checkpoint
04-11-2013 03:15:45 System Checkpoint
05-11-2013 04:12:22 System Checkpoint
06-11-2013 04:59:17 System Checkpoint
07-11-2013 05:25:38 System Checkpoint
08-11-2013 20:41:46 System Checkpoint
09-11-2013 21:35:58 System Checkpoint
10-11-2013 23:13:57 System Checkpoint
11-11-2013 23:27:20 System Checkpoint
12-11-2013 23:31:24 System Checkpoint
13-11-2013 23:36:17 System Checkpoint
15-11-2013 21:01:28 System Checkpoint
16-11-2013 21:36:31 System Checkpoint
18-11-2013 01:28:06 System Checkpoint
19-11-2013 03:30:22 System Checkpoint
20-11-2013 03:58:43 System Checkpoint
21-11-2013 04:30:42 System Checkpoint
22-11-2013 22:08:29 System Checkpoint
23-11-2013 22:59:19 System Checkpoint
24-11-2013 23:46:17 System Checkpoint
26-11-2013 00:11:22 System Checkpoint
27-11-2013 00:42:26 System Checkpoint
28-11-2013 00:49:39 System Checkpoint
29-11-2013 21:29:57 System Checkpoint
30-11-2013 22:42:50 System Checkpoint
01-12-2013 23:09:54 System Checkpoint
02-12-2013 23:37:56 System Checkpoint
03-12-2013 23:48:11 System Checkpoint
05-12-2013 00:12:22 System Checkpoint
06-12-2013 00:40:07 System Checkpoint
06-12-2013 11:01:05 Removed COMODO Firewall
07-12-2013 15:59:55 System Checkpoint
09-12-2013 03:24:33 System Checkpoint
10-12-2013 07:34:26 OTL Restore Point - 12/10/2013 2:34:20 AM
11-12-2013 07:58:04 OTL Restore Point - 12/11/2013 2:57:57 AM
12-12-2013 14:27:34 System Checkpoint
13-12-2013 21:52:51 System Checkpoint
14-12-2013 21:55:30 System Checkpoint

==================== Hosts content: ==========================

2004-08-10 13:00 - 2013-12-07 09:18 - 00000741 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-17 23:11 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2011-11-01 07:32 - 2011-11-01 07:32 - 00573100 _____ () C:\WINDOWS\system32\sqlite3.dll
2004-08-10 06:00 - 2004-09-28 10:54 - 00269824 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 06:00 - 2008-12-20 17:14 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-12-09 15:37 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2004-10-08 18:43 - 2004-10-08 18:43 - 00196608 _____ () c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
2005-04-28 09:28 - 2005-04-28 09:28 - 00061496 _____ () C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
2005-04-28 09:28 - 2005-04-28 09:28 - 00024615 _____ () C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll
2005-04-28 09:28 - 2005-04-28 09:28 - 00147493 _____ () C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\BWfiles.dll
2005-04-28 09:28 - 2005-04-28 09:28 - 00024615 _____ () C:\Program Files\Updates from HP\309731\Program\frext-309731.dll
2005-04-28 09:28 - 2005-04-28 09:28 - 00094243 _____ () C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\frext.dll
2005-04-28 09:28 - 2005-04-28 09:28 - 00126976 _____ () C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll
2009-09-04 22:15 - 2009-09-04 22:15 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2013 05:46:51 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 05:29:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:55:33 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:42:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:34:42 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:26:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:21:38 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:09:19 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).

Error: (12/06/2013 04:06:16 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x800708ca (converted to 0x800423f4).

Error: (12/06/2013 04:01:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070015 (converted to 0x800423f3).


System errors:
=============
Error: (12/14/2013 09:13:59 PM) (Source: DCOM) (User: BAM)
Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/14/2013 09:11:36 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:35 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:35 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:32 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:31 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:30 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:30 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:28 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5

Error: (12/14/2013 09:11:27 PM) (Source: 0) (User: )
Description: Linksys Wireless-B USB Network Adapter v4.0 #5


Microsoft Office Sessions:
=========================
Error: (12/06/2013 05:46:51 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 05:29:49 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:55:33 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:42:46 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:34:42 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:26:52 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:21:38 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:09:19 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:06:16 AM) (Source: VSS)(User: )
Description: 0x800708ca0x800423f4RemovableStorageManagerOpenNtmsSessionW

Error: (12/06/2013 04:01:52 AM) (Source: VSS)(User: )
Description: 0x800700150x800423f3RemovableStorageManagerOpenNtmsSessionW


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 2551.3 MB
Available physical RAM: 1992.5 MB
Total Pagefile: 6214.15 MB
Available Pagefile: 5599.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.27 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:178.3 GB) (Free:62.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:1.43 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)
Partition 2: (Active) - (Size=178 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP