
Computer is VERY slow!



jp17315


Hi

This computer is very slow! I scanned with MSSE and SUPERAntiSpyware and did not find any viruses, but it is still very slow! Hoping you could help out.

 

OTL logfile created on: 12/5/2014 9:36:53 p. m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.52 Mb Total Physical Memory | 301.86 Mb Available Physical Memory | 59.13% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.93 Gb Total Space | 33.61 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-PA86Z1I3G7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/05 21:34:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2014/03/11 09:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/25 06:07:55 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2002/06/17 20:14:38 | 000,090,112 | ---- | M] (Compaq) -- C:\Compaq\EAKDRV\EAUSBKBD.exe
PRC - [2002/04/14 06:29:58 | 000,438,272 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
PRC - [2001/12/15 00:01:24 | 000,032,768 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
PRC - [2001/03/23 21:34:10 | 000,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\BttnServ.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [1998/12/21 03:35:36 | 000,024,576 | ---- | M] () -- C:\Program Files\compaq\Easy Access Button Support\BttnSeps.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/11/26 05:20:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/01 14:14:22 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014/03/11 09:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/25 06:07:55 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2002/05/24 12:46:14 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2002/05/17 02:30:12 | 000,262,144 | ---- | M] (NeoPlanet) [Disabled | Stopped] -- C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\AMERIC~2.0\ATWPKT2.SYS -- (ATWPKT2)
DRV - [2014/12/04 21:22:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/15 23:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/07/13 06:27:04 | 000,155,008 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2002/05/24 12:46:14 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/05/24 12:46:14 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/05/24 12:46:14 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/08/10 03:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)
DRV - [2001/08/08 15:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 15:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 15:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 15:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 15:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 15:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 15:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 15:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 15:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 15:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [1999/10/30 00:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {958A91A2-C0A5-4125-BE5C-0CC04963DADE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{958A91A2-C0A5-4125-BE5C-0CC04963DADE}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...rud=08-11-2013"
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaolp00000003"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/12/03 22:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/12/03 22:17:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/09/24 08:05:47 | 000,000,000 | ---D | M]
 
[2008/12/17 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2014/10/27 11:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions
[2014/06/10 10:29:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/11/08 10:59:43 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2014/10/27 11:47:16 | 000,979,610 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/08 10:59:52 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\aol-search.xml
[2014/10/01 14:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/10/01 14:15:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/10/01 14:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2014/10/01 14:08:37 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/10/25 06:08:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: 5E465C779E5DB8612D77535A0F1FB4C5C1FE0C4E799F16E184A78BC355CCE684 (Enabled)
CHR - default_search_provider: search_url = 19C3F72EEC30C07CD4FAC62A54F2DC900B6D7CDF568B4A95C70792A9B0D4F661
CHR - default_search_provider: suggest_url = 
CHR - homepage: BA7925A63BFC82F1BB785872B440FF709DFC6795F046B640942C190250AED6BD
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2011/10/07 10:24:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\Coloreal\coloreal.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: RemindU. - C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm ()
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ad.pewtarex.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{800B941B-1605-49D1-A59E-567F4C06CBA9}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/29 11:35:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/01 21:46:53 | 000,000,000 | ---- | M] () - C:\autoexec.PU_ -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/05 21:34:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/12/04 22:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2014/12/04 22:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/12/04 22:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/12/04 22:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/12/03 23:27:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/12/03 21:37:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/05 21:34:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/12/05 21:32:14 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F88E048E-B866-4852-A9E1-B67483BEB339}.job
[2014/12/05 21:21:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/05 21:19:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/12/05 21:02:33 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2014/12/05 20:48:02 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/12/05 20:43:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/05 20:43:11 | 000,000,191 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/12/05 20:42:59 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/12/05 20:42:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/05 20:38:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/05 20:38:38 | 535,392,256 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/04 22:35:36 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/12/04 21:22:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/12/03 22:17:17 | 000,000,012 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2014/12/03 21:53:21 | 000,147,514 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20141203_215310.reg
[2014/12/03 21:24:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/12/02 11:13:53 | 000,000,203 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2014/11/26 12:19:40 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/11/20 11:31:14 | 000,444,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/11/20 11:31:14 | 000,073,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/11/08 15:00:06 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/05 20:56:25 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2014/12/04 22:35:36 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/12/03 22:01:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2014/12/03 21:53:15 | 000,147,514 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20141203_215310.reg
[2014/07/02 11:53:44 | 000,000,203 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2013/05/29 11:43:15 | 000,061,504 | ---- | C] () -- C:\WINDOWS\System32\licensemanager.exe
[2013/05/29 11:43:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2013/05/29 11:43:15 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2013/05/29 11:43:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\smtls32.dll
[2013/05/29 11:43:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2013/05/29 11:43:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\Lftif60n.dll
[2013/05/29 11:43:06 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\Ltfil60n.dll
[2013/05/29 11:43:06 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp60n.dll
[2013/05/29 11:43:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd60n.dll
[2013/05/29 11:43:06 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga60n.dll
[2013/05/29 11:43:06 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf60n.dll
[2013/05/29 11:43:05 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\Lffax60n.dll
[2013/05/29 11:43:05 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp60n.dll
[2013/05/29 11:43:05 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng60n.dll
[2013/05/29 11:43:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx60n.dll
[2013/05/29 11:43:05 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfpct60n.dll
[2013/05/29 11:43:05 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps60n.dll
[2013/05/29 11:43:05 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg60n.dll
[2013/05/29 11:43:05 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp60n.dll
[2013/05/29 11:43:05 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac60n.dll
[2013/05/29 11:43:04 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\Regsvr16.exe
[2013/05/29 11:38:39 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2011/10/21 19:41:19 | 000,010,445 | ---- | C] () -- C:\Documents and Settings\Owner\datastore.INTEG.RAW
[2011/10/11 09:07:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{8AF1CB84-6885-4017-BD07-F0BEC571FE26}
[2011/10/05 15:54:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2011/10/04 15:13:15 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2009/10/14 08:58:09 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2005/08/02 08:55:14 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/10 10:20:27 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Owner\plugin131.trace
[2003/07/10 12:07:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2002/08/02 00:08:45 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Owner\oobecmt.ini
[2002/08/01 22:04:15 | 000,006,905 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt
[2002/08/01 22:04:15 | 000,006,892 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
 
========== ZeroAccess Check ==========
 
[2009/02/11 14:01:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/02/04 07:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/02/13 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/25 21:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/01/14 16:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/24 08:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2002/01/01 00:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2005/07/30 07:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/09/18 14:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/02/10 08:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2014/10/08 13:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Adblock
[2002/12/05 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2004/01/12 11:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2007/06/19 15:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
 
< End of report >
 

OTL Extras logfile created on: 12/5/2014 9:36:53 p. m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.52 Mb Total Physical Memory | 301.86 Mb Available Physical Memory | 59.13% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.93 Gb Total Space | 33.61 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-PA86Z1I3G7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Actinic Catalog v3\Catalog.exe" = C:\Program Files\Actinic Catalog v3\Catalog.exe:*:Enabled:Catalog - Internet Sales Application -- (Actinic Software)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports for PFW
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7D15B945-2725-4443-AB3F-D900556612FE}" = User Profile Hive Cleanup Service
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{8A558B0C-541D-47e0-A177-8635CE723B07}" = HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Support
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec USB/Ethernet Home DSL Modem
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{BDE90251-93EB-4F6A-89D8-086E2D91DC56}" = Coloreal
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}" = Compaq Advisor
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E8010B32-BB8F-4600-9FB7-FDF16A69F1D8}" = hppusgP1500
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"Actinic Catalog v3" = Actinic Catalog 3
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pervasive.SQL 2000 Client" = Pervasive.SQL 2000 Client (SP3)
"PFW95Files" = PFW File Associations
"Platinum for Windows by Best" = Platinum for Windows by Best
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/3/2014 11:05:57 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 12/3/2014 11:06:12 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 12/4/2014 12:25:02 a. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 12/4/2014 12:25:05 a. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 12/4/2014 10:06:36 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 12/4/2014 10:06:37 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 12/5/2014 12:28:29 a. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 12/5/2014 12:28:29 a. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 12/5/2014 9:38:58 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 12/5/2014 9:38:58 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
[ System Events ]
Error - 12/4/2014 10:26:46 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.189.1096.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 
User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.11202.0
 
Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 12/5/2014 9:38:53 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 12/5/2014 9:38:58 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AD due to the following:
   %%1311.    Make sure that the computer is connected to the network and try  again. If
 the problem persists, please contact your domain administrator.
 
Error - 12/5/2014 9:40:04 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 12/5/2014 9:40:04 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   viaagp1
 
Error - 12/5/2014 9:48:01 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 12/5/2014 9:48:08 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 12/5/2014 10:01:36 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 12/5/2014 10:01:37 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
Error - 12/5/2014 10:01:38 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats.  
 
 
< End of report >
 
Thanks for your help!

 




#2
RKinner

    Malware Expert

If you haven't already done so you should first defrag the c:\
 
 
You need to get a new anti-virus.  MS doesn't support XP any more so MSE is not being updated.  I would try the free Avast.  It's what I use on all of my PCs.
 
 
Uninstall Microsoft Security Essentials, reboot then install Avast from the file you downloaded.  You will need to register but it's just a name and email address so no big deal.
 
 
 
If that doesn't help:
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 
 
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
Then use the 'Number of events' as follows:
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy.
 
 
 
 


#3
jp17315

    Member

  • Topic Starter

Ok - So it took about 3 hours to do the defrag but noticed a significant change in speed. Here are the files you're looking for:

 

procexp.txt

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.44 0 K 16 K 0
procexp.exe 1.56 26,340 K 32,644 K 2392 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
wmiprvse.exe 2,344 K 5,992 K 3140 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wmiprvse.exe 1,792 K 4,884 K 1584
winlogon.exe 7,964 K 2,196 K 524 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
uphclean.exe 580 K 1,128 K 1800 User Profile Hive Cleanup Service Windows ® Codename Longhorn DDK provider (No signature was present in the subject) Windows ® Codename Longhorn DDK provider
unsecapp.exe 1,304 K 3,664 K 3316 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
tfswctrl.exe 932 K 3,020 K 1696 Direct Access Component VERITAS Software, Inc. (No signature was present in the subject) VERITAS Software, Inc.
System 0 K 316 K 4
svchost.exe 16,904 K 26,684 K 892 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,468 K 3,900 K 1768 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,764 K 3,860 K 824 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,968 K 4,460 K 760 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,288 K 3,376 K 952 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,480 K 3,632 K 1008 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,332 K 3,452 K 1272 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,000 K 2,620 K 1632 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 992 K 2,556 K 1656 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
STARTEAK.exe 492 K 1,688 K 2124 STARTEAK Compaq Computer Corporation (No signature was present in the subject) Compaq Computer Corporation
spoolsv.exe 4,324 K 5,980 K 1172 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 168 K 244 K 444 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe 1,732 K 3,280 K 568 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SASCore.exe 1,700 K 2,076 K 1312 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
PsiService_2.exe 548 K 1,724 K 1680 PsiService PsiService Protexis Inc. (Verified) Protexis Inc.
mbamservice.exe 4,928 K 5,948 K 1484 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsass.exe 6,868 K 4,432 K 580 LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
jqs.exe 2,208 K 1,400 K 1452 Java™ Quick Starter Service Oracle Corporation (Verified) Oracle America
hpsysdrv.exe 480 K 1,528 K 1920 hpsysdrv Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
HP1006MC.EXE 696 K 2,280 K 196 SMLMProxy Module Software 2000 Limited (No signature was present in the subject) Software 2000 Limited
hkcmd.exe 1,508 K 3,372 K 1900 hkcmd Module Intel Corporation (No signature was present in the subject) Intel Corporation
explorer.exe 23,708 K 18,964 K 972 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
EAUSBKBD.exe 1,660 K 2,092 K 2412 EAUSBKBD Compaq (No signature was present in the subject) Compaq
ctfmon.exe 868 K 2,832 K 2376 CTF Loader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,772 K 3,852 K 500 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
CPQEADM.exe 2,928 K 4,800 K 2404 Easy Access Software Demon Compaq Computer Corporation (No signature was present in the subject) Compaq Computer Corporation
BttnServ.exe 1,012 K 3,068 K 2432 Button Server Compaq Computer Corporation (No signature was present in the subject) Compaq Computer Corporation
AvastUI.exe 28,504 K 24,636 K 2788 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
AvastSvc.exe 37,876 K 40,960 K 780 avast! Service AVAST Software (Verified) AVAST Software a.s.
alg.exe 1,120 K 3,096 K 884 Application Layer Gateway Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
 
VEW.txt
 
Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/12/2014 9:54:50 p. m.
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/12/2014 9:26:02 p. m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  viaagp1 
 
Log: 'System' Date/Time: 07/12/2014 9:26:02 p. m.
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.  
 
Log: 'System' Date/Time: 07/12/2014 9:24:47 p. m.
Type: error Category: 0
Event: 5719 Source: NETLOGON
No Domain Controller is available for domain AD due to the following:  There are currently no logon servers available to service the logon request. .  Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 
 
Log: 'System' Date/Time: 07/12/2014 9:24:32 p. m.
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume. 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/12/2014 9:42:05 p. m.
Type: warning Category: 0
Event: 11164 Source: DnsApi
The system failed to register host (A) resource records (RRs) for network adapter with settings:     Adapter Name : {800B941B-1605-49D1-A59E-567F4C06CBA9}    Host Name : your-pa86z1i3g7    Primary Domain Suffix : Ad.pewtarex.com    DNS server list :       75.75.76.76, 75.75.75.75    Sent update to server : <?>    IP Address(es) :      10.0.0.5   The reason the system could not register these RRs was because either (a) the DNS server does not support the DNS dynamic update protocol, or (b) the authoritative zone for the specified DNS domain name does not accept dynamic updates.   To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator. 
 

 


  • 0

#4
jp17315

    Member

  • Topic Starter
  • 127 posts

Third time trying to copy paste the Speccy file. Chrome was freezing up. Using Firefox now. Let's see if this works.

 Nope. I am just attaching this file - looks like it's huge!!

 


  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

That's why I said to attach it.  

 

You can uninstall Speccy if you haven't already.  Speccy says your hard drive is OK and you have enough memory.  Unfortunately your PC is too old to have a temp sensor for the mobo/cpu so it can't tell me the temp.  Every XP I have worked on in the last 2-3 years has been clogged with dust and running hot so the odds are that yours is too.  A hot PC is a slow PC since the CPU will protect itself by running slower if it gets too hot.   If you haven't cleaned the heatsink recently then:

 

Shut down but leave plugged in.  (This applies a ground to the PC chassis and prevents static damage).   Open it up and using a small brush and a vacuum cleaner hose remove the dust from the heatsink and also from the fans and vents.  Sometimes you actually have to remove the fan from on top of the heatsink to clean it.  DO NOT REMOVE THE HEATSINK FROM THE CPU.  If you do you will have to clean the mating surfaces and recoat with thermal paste.  With it still open, turn it on and watch the fan.  It should run up to a good speed very quickly.  A slow starting or noisy fan should be replaced.

Process Explorer says there is nothing running that shouldn't be and it should be fairly quick responding.

You do have a LogMeIn program which did not uninstall properly and is causing an error on startup so let's run FRST so we can fix that:

 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
     
    Let's also look for viaagp1.sys which appears to be missing:
     

    Copy the text in the code box by highlighting and Ctrl + c 
     
     
    /md5start
    viaagp1.sys
    /md5stop
     
    
    Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text.  Verify that you got it all and then click the Run SCAN button at the top.
    Let the program run unhindered. OTL will not reboot the PC when it is done.  Save the log and copy and paste it to a reply.
     
     
     
    Even though Speccy gave your hard drive a clean bill of health there may be a problem with the file system on it so it would be a good idea to do a disk check.  This will also take a few hours.
     

    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check.
     
    Reboot. 
     
    The disk check will run and will probably take an hour or more to finish.
     
    Bed time for me.  Will check back tomorrow.

    • 0
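The diagnosis in the post above (two Service Control Manager errors traced to a leftover LogMeIn driver and a missing viaagp1.sys) can be reproduced from the logs themselves. The following Python is an added example, not part of the original thread or of the VEW or FRST tools; its inputs are excerpts of this thread's VEW report and FRST driver list, and the function names and the reading of FRST's `[X]` as "file not found on disk" are assumptions.

```python
import re
from datetime import datetime

# Excerpts copied from the VEW report and the FRST driver list in this thread.
VEW_SAMPLE = """\
Log: 'System' Date/Time: 07/12/2014 9:26:02 p. m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  viaagp1

Log: 'System' Date/Time: 07/12/2014 9:26:02 p. m.
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 07/12/2014 9:24:47 p. m.
Type: error Category: 0
Event: 5719 Source: NETLOGON
No Domain Controller is available for domain AD due to the following:  There are currently no logon servers available to service the logon request.
"""

FRST_SAMPLE = r"""
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 ATWPKT2; \??\C:\PROGRA~1\AMERIC~2.0\ATWPKT2.SYS [X]
S4 hpt3xx; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S0 viaagp1; System32\DRIVERS\viaagp1.sys [X]
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
"""

# One VEW record: header line, type line, event line, then a one-line message.
# The report states its dates are dd/mm/yyyy and writes the meridiem as "p. m.".
RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<d>\d\d)/(?P<mo>\d\d)/(?P<y>\d{4}) "
    r"(?P<h>\d{1,2}):(?P<mi>\d\d):(?P<s>\d\d) (?P<ap>[ap])\. ?m\.\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<id>\d+) Source: (?P<src>[^\n]+)\n"
    r"(?P<msg>[^\n]*)", re.MULTILINE)

# FRST prefix: R/S/U = running/stopped/undetermined, digit = service start type.
FRST_LINE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.*)$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_vew(text):
    """Return every event record found in a VEW report as a dict."""
    events = []
    for m in RECORD.finditer(text):
        hour = int(m["h"]) % 12 + (12 if m["ap"] == "p" else 0)
        events.append({
            "when": datetime(int(m["y"]), int(m["mo"]), int(m["d"]),
                             hour, int(m["mi"]), int(m["s"])),
            "type": m["type"], "id": int(m["id"]),
            "source": m["src"].strip(), "message": m["msg"].strip(),
        })
    return events


def scm_load_failures(events):
    """Names the Service Control Manager reported in events 7026 and 7000."""
    names = []
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if ev["id"] == 7026:    # message ends with a list of driver service names
            names += ev["message"].split(":", 1)[1].split()
        elif ev["id"] == 7000:  # message names the service by its display name
            m = re.match(r"The (.+?) service failed to start", ev["message"])
            if m:
                names.append(m.group(1))
    return names


def parse_frst_entries(text):
    """Parse FRST Services/Drivers lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "running": m["state"] == "R",
                            "start": int(m["start"]),
                            "missing": m["path"].endswith("[X]")})
    return entries


def broken_at_boot(entries):
    """Entries Windows loads on its own (start 0-2) whose file is missing."""
    return [e["name"] for e in entries if e["missing"] and e["start"] <= 2]


if __name__ == "__main__":
    print("SCM reported:", scm_load_failures(parse_vew(VEW_SAMPLE)))
    for e in parse_frst_entries(FRST_SAMPLE):
        if e["missing"]:
            print(f'{e["name"]:<10} start={START_TYPES.get(e["start"], "?")}')
    print("Missing and loaded at boot:", broken_at_boot(parse_frst_entries(FRST_SAMPLE)))
```

ATWPKT2, iAimTV2 and wanatw are also missing on disk, but they are demand-start, so Windows never tries to load them at boot and they log no error.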

    #6
    jp17315

      Member

    • Topic Starter
    • 127 posts

    Sorry for the delay. Here are the logs you asked for.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2014
    Ran by Owner (administrator) on YOUR-PA86Z1I3G7 on 08-12-2014 17:59:19
    Running from C:\Documents and Settings\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (VERITAS Software, Inc.) C:\WINDOWS\system32\dla\tfswctrl.exe
    (Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
    (Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
    (Compaq) C:\Compaq\EAKDRV\EAUSBKBD.exe
    (Compaq Computer Corporation) C:\PROGRA~1\compaq\EASYAC~1\BttnServ.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [106549 2002-07-16] (VERITAS Software, Inc.)
    HKLM\...\Run: [WCOLOREAL] => C:\Program Files\COMPAQ\Coloreal\coloreal.exe [143360 2002-02-20] ()
    HKLM\...\Run: [CPQEASYACC] => C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [32768 2001-12-15] (Compaq Computer Corporation)
    HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
    HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872 2011-12-24] (Malwarebytes Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-07] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 1
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    Lsa: [Notification Packages]  scecli scecli
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2234620177-1887795725-650978795-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-2234620177-1887795725-650978795-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    HKU\S-1-5-21-2234620177-1887795725-650978795-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
    SearchScopes: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 -> DefaultScope {958A91A2-C0A5-4125-BE5C-0CC04963DADE} URL = http://search.yahoo....=utf-8&fr=b1ie7
    SearchScopes: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 -> {958A91A2-C0A5-4125-BE5C-0CC04963DADE} URL = http://search.yahoo....=utf-8&fr=b1ie7
    BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll ()
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
    Toolbar: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
    DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} 
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
    ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2234620177-1887795725-650978795-1003: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\aol-search.xml
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\yahoo-avast.xml
    FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-12-07]
    FF Extension: AOL Toolbar - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013-11-08]
    FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-24]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-23]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-07]
    FF HKU\S-1-5-21-2234620177-1887795725-650978795-1003\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Owner\Application Data\Move Networks
    FF Extension: Move Media Player - C:\Documents and Settings\Owner\Application Data\Move Networks [2009-09-23]
     
    Chrome: 
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-07]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-07] (AVAST Software)
    S4 Compaq_RBA; C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe [262144 2002-05-17] (NeoPlanet) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161664 2011-10-25] (Oracle Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [652872 2011-12-24] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
    S3 Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [77824 2002-05-24] (HP)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
    R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-07] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-07] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-07] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-07] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-07] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-07] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-07] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-07] ()
    R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
    S3 Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [50896 2002-05-24] (HP)
    S3 Dot4Print HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [16112 2002-05-24] (HP)
    S3 Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [18928 2002-05-24] (HP)
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [81552 2002-06-05] (VERITAS Software, Inc.) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40368 2002-06-06] (VERITAS Software, Inc.) [File not signed]
    R3 eaps2kbd; C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [24035 2001-12-28] (Compaq Computer Corp.)
    R1 EAWDMFD; C:\WINDOWS\System32\DRIVERS\eawdmfd.sys [24348 1999-10-30] (Compaq Computer Corporation)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-04-15] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-04-15] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-04-15] (HP)
    S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [158140 2001-08-08] (Intel® Corporation)
    S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12479 2001-08-08] (Intel® Corporation)
    S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12031 2001-08-08] (Intel® Corporation)
    S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11679 2001-08-08] (Intel® Corporation)
    S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [11999 2001-08-08] (Intel® Corporation)
    S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19359 2001-08-08] (Intel® Corporation)
    S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29215 2001-08-08] (Intel® Corporation)
    S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19199 2001-08-08] (Intel® Corporation)
    S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33503 2001-08-08] (Intel® Corporation)
    S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23519 2001-08-08] (Intel® Corporation)
    R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [625537 2003-03-31] (LT)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation) [File not signed]
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-12-04] (Malwarebytes Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [16288 2002-04-18] (VERITAS Software, Inc.) [File not signed]
    R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [155008 2002-07-13] (S3 Graphics, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5589 2002-06-19] (VERITAS Software, Inc.) [File not signed]
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [22995 2002-06-19] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [23701 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34805 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2201 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [54900 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14421 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6325 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [91156 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [95125 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    S3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22608 2001-08-10] (America Online, Inc.)
    S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [90336 2002-05-22] (Intel Corporation)
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [69504 2002-05-22] (Intel Corporation)
    S3 ATWPKT2; \??\C:\PROGRA~1\AMERIC~2.0\ATWPKT2.SYS [X]
    S4 hpt3xx; No ImagePath
    S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S0 viaagp1; System32\DRIVERS\viaagp1.sys [X]
    S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
    U1 WS2IFSL; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-08 17:59 - 2014-12-08 18:00 - 00021396 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
    2014-12-08 17:58 - 2014-12-08 17:59 - 00000000 ____D () C:\FRST
    2014-12-08 17:58 - 2014-12-08 17:55 - 01111040 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
    2014-12-08 17:25 - 2014-12-08 17:25 - 00000316 _____ () C:\WINDOWS\Tasks\HP WEP.job
    2014-12-07 21:59 - 2014-12-07 22:00 - 00395363 _____ () C:\Documents and Settings\Owner\Desktop\YOUR-PA86Z1I3G7.txt
    2014-12-07 21:57 - 2014-12-07 21:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-12-07 21:57 - 2014-12-07 21:57 - 00000000 _____ () C:\WINDOWS\setupact.log
    2014-12-07 21:55 - 2014-12-07 21:55 - 00002358 _____ () C:\Documents and Settings\Owner\Desktop\VEW.txt
    2014-12-07 21:20 - 2014-12-07 21:20 - 00005212 _____ () C:\Documents and Settings\Owner\Desktop\procexp.TXT
    2014-12-07 21:20 - 2014-12-07 14:33 - 00061440 _____ ( ) C:\Documents and Settings\Owner\Desktop\VEW.exe
    2014-12-07 21:15 - 2014-12-07 14:33 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Owner\Desktop\procexp.exe
    2014-12-07 20:26 - 2014-12-07 20:26 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVAST Software
    2014-12-07 18:49 - 2014-12-07 18:49 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2014-12-07 18:49 - 2014-12-07 18:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2014-12-07 18:49 - 2014-12-07 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2014-12-07 18:48 - 2014-12-08 17:26 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-12-07 18:48 - 2014-12-07 18:48 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-12-07 18:47 - 2014-12-07 18:49 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2014-12-07 18:47 - 2014-12-07 18:47 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-12-07 18:47 - 2014-12-07 18:47 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-12-07 18:45 - 2014-12-07 18:45 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-12-07 14:31 - 2014-12-07 14:33 - 132469808 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup (1).exe
    2014-12-05 21:44 - 2014-12-05 21:44 - 00046178 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
    2014-12-05 21:43 - 2014-12-05 21:43 - 00069294 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
    2014-12-05 21:34 - 2014-12-05 21:34 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
    2014-12-04 22:59 - 2014-12-04 22:59 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2014-12-04 22:35 - 2014-12-07 18:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-04 22:35 - 2014-12-04 22:35 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-12-04 22:35 - 2014-12-04 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-12-04 22:35 - 2014-12-04 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2014-12-03 23:27 - 2014-12-04 21:22 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-12-03 22:02 - 2014-12-07 21:57 - 00004788 _____ () C:\WINDOWS\setupapi.log
    2014-12-03 22:01 - 2014-12-03 22:17 - 00000012 _____ () C:\WINDOWS\msoffice.ini
    2014-12-03 21:53 - 2014-12-03 21:53 - 00147514 _____ () C:\Documents and Settings\Owner\Desktop\cc_20141203_215310.reg
    2014-11-25 15:30 - 2014-11-25 15:23 - 00615062 _____ () C:\Documents and Settings\Owner\Desktop\BECKY1.TXT
    2014-11-25 15:30 - 2014-11-25 15:22 - 01358890 _____ () C:\Documents and Settings\Owner\Desktop\BECKY.TXT
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-08 18:00 - 2011-10-23 17:02 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F88E048E-B866-4852-A9E1-B67483BEB339}.job
    2014-12-08 18:00 - 2011-10-19 20:27 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
    2014-12-08 17:24 - 2011-10-07 10:23 - 01638728 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-08 17:20 - 2011-08-27 09:21 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-08 17:19 - 2013-02-04 07:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-12-08 17:14 - 2011-08-27 09:21 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-08 17:14 - 2002-11-13 17:37 - 00000191 _____ () C:\WINDOWS\system\hpsysdrv.DAT
    2014-12-08 17:14 - 2002-08-01 21:32 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-08 17:13 - 2014-04-09 08:09 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-08 17:12 - 2011-10-07 11:55 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2014-12-08 17:12 - 2011-10-07 11:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-12-08 17:12 - 2002-08-01 21:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-07 23:26 - 2011-10-23 21:17 - 00001024 ____H () C:\WINDOWS\system32\default_user_class.dat.LOG
    2014-12-07 23:26 - 2011-10-07 11:52 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-07 23:26 - 2002-08-01 21:51 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-12-07 21:57 - 2014-07-02 11:53 - 00000181 _____ () C:\WINDOWS\hpbafd.ini
    2014-12-07 21:54 - 2011-10-20 21:39 - 00002358 _____ () C:\VEW.txt
    2014-12-07 21:14 - 2011-09-26 08:22 - 00000778 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-12-07 21:14 - 2008-12-17 09:47 - 00000778 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-12-07 20:28 - 2011-10-25 20:02 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    2014-12-07 18:45 - 2011-10-07 11:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-12-07 18:39 - 2002-08-01 21:33 - 00000327 __RSH () C:\boot.ini
    2014-12-07 18:39 - 2002-08-01 21:32 - 00000743 _____ () C:\WINDOWS\win.ini
    2014-12-07 18:39 - 2002-08-01 21:32 - 00000285 _____ () C:\WINDOWS\system.ini
    2014-12-07 14:40 - 2011-10-05 15:06 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
    2014-12-07 14:04 - 2011-10-19 20:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-12-04 21:06 - 2006-12-04 09:17 - 00000000 __SHD () C:\WINDOWS\CSC
    2014-12-03 23:24 - 2002-01-01 00:25 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-12-03 23:22 - 2002-01-01 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-12-03 22:50 - 2002-08-01 14:37 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-12-03 22:20 - 2011-11-17 15:21 - 00000000 ____D () C:\Program Files\QuickTime
    2014-12-03 22:02 - 2004-01-14 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
    2014-12-03 22:02 - 2002-11-26 21:34 - 00000000 ____D () C:\Program Files\Common Files\AOL
    2014-12-03 21:37 - 2003-09-15 09:17 - 00000000 __SHD () C:\Documents and Settings\Owner\UserData
    2014-12-03 21:37 - 2002-08-01 21:51 - 00000000 ____D () C:\Documents and Settings\Owner
    2014-12-02 11:13 - 2002-08-01 21:42 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2014-11-26 12:19 - 2011-08-27 09:23 - 00001879 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-11-26 05:20 - 2013-02-04 07:29 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-26 05:20 - 2011-08-27 09:19 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-20 11:31 - 2002-08-01 14:37 - 00527394 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-20 11:25 - 2003-03-17 15:53 - 00000000 ____D () C:\WINDOWS\pss
    2014-11-15 04:11 - 2013-07-25 02:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-15 03:11 - 2005-05-21 14:31 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-08 15:00 - 2014-04-09 08:09 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\temp\uninst.dll
    C:\Documents and Settings\Owner\Local Settings\temp\vmpremov.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-12-2014
    Ran by Owner at 2014-12-08 18:03:37
    Running from C:\Documents and Settings\Owner\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    32 Bit HP CIO Components Installer (Version: 2.1.4 - Hewlett-Packard) Hidden
    Actinic Catalog 3 (HKLM\...\Actinic Catalog v3) (Version: 3.10.1.0.1.9INB - Actinic Software Ltd.)
    Actiontec USB/Ethernet Home DSL Modem (HKLM\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )
    Adobe Download Manager 2.0 (Remove Only) (HKLM\...\AdobeESD) (Version: 2.0 - )
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
    Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
    Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
    BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
    Coloreal (HKLM\...\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}) (Version:  - )
    Compaq Advisor (HKLM\...\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}) (Version:  - )
    Corel WinDVD (Version: 11 - Corel Inc.) Hidden
    Corel WinDVD Pro 11 (HKLM\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
    Crystal Reports for PFW (HKLM\...\{7699B723-9718-41DE-8C18-549F341C02CE}) (Version: 8.5.0.2175 - Seagate Software, Inc.)
    DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 3.50 - VERITAS Software)
    Easy Access Button Support (HKLM\...\{93539D60-1817-11D1-9504-00805F26A89C}) (Version:  - )
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet P1500 series (HKLM\...\HP LaserJet P1500 series) (Version:  - )
    HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4 (HKLM\...\{8A558B0C-541D-47e0-A177-8635CE723B07}) (Version: 11.0 - HP)
    HPCarePackCore (HKLM\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
    HPCarePackProducts (Version: 1.0.0.1 - HP) Hidden
    hppMSRedist (Version: 1.00.0000 - Hewlett-Packard) Hidden
    hppusgP1500 (Version: 000.000.00003 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
    ICA (Version: 1.0 - Corel Inc.) Hidden
    Inactive HP Printer Drivers (Remove only) (HKLM\...\Inactive HP Printer Drivers (Remove only)) (Version:  - )
    Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    InterVideo WinDVD (HKLM\...\{C1939820-A945-11D4-86F6-0001031E5712}) (Version:  - InterVideo Inc.)
    IPM (Version: 1.00.0000 - Corel Inc.) Hidden
    Java 2 Runtime Environment Standard Edition v1.3.1 (HKLM\...\JRE 1.3.1) (Version:  - )
    Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
    Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Java™ 7 Update 1 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
    Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
    Macromedia Dreamweaver MX (HKLM\...\{8B4AB829-DFD3-436D-B808-D9733D76C590}) (Version: 6.0 - Macromedia)
    Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
    Malwarebytes Anti-Malware version 1.60.0.1800 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.0.1800 - Malwarebytes Corporation)
    MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
    Move Media Player (HKU\S-1-5-21-2234620177-1887795725-650978795-1003\...\Move Media Player) (Version:  - Move Networks)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    OpenOffice.org 3.3 (HKLM\...\{ED23E382-E5E3-4E21-B616-01FC59A40916}) (Version: 3.3.9567 - OpenOffice.org)
    Pervasive.SQL 2000 Client (SP3) (HKLM\...\Pervasive.SQL 2000 Client) (Version:  - )
    PFW File Associations (HKLM\...\PFW95Files) (Version:  - )
    Photosmart 130,230,7150,7345,7350,7550 (Remove only) (HKLM\...\hphuni04) (Version:  - )
    Platinum for Windows by Best (HKLM\...\Platinum for Windows by Best) (Version:  - )
    PS_AIO_04_C5500_Software (Version: 110.0.209.000 - Hewlett-Packard) Hidden
    PS_AIO_04_C5500_Software_Min (Version: 110.0.209.000 - Hewlett-Packard) Hidden
    Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
    Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
    RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )
    RecordNow (HKLM\...\{8214CC02-6271-4DC8-B8DD-779933450264}) (Version: 4.10 - VERITAS Software)
    RecordNow Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.70 - VERITAS Software)
    S3Display (HKLM\...\S3Display) (Version:  - )
    S3Gamma2 (HKLM\...\S3Gamma2) (Version:  - )
    S3Info2 (HKLM\...\S3Info2) (Version:  - )
    S3Overlay (HKLM\...\S3Overlay) (Version:  - )
    Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden
    Setup (Version: 11.0 - Corel Inc.) Hidden
    Shipping Assistant 3.6 (HKLM\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 3.6.80.0 - United States Postal Service)
    Simple Adblock (HKLM\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
    SpywareBlaster 4.4 (HKLM\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
    SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
    WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
    WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
     
    ==================== Restore Points  =========================
     
    24-10-2014 20:10:21 Software Distribution Service 3.0
    25-10-2014 20:10:06 Software Distribution Service 3.0
    26-10-2014 20:10:22 Software Distribution Service 3.0
    27-10-2014 06:14:35 Software Distribution Service 3.0
    27-10-2014 20:10:12 Software Distribution Service 3.0
    28-10-2014 21:49:59 System Checkpoint
    28-10-2014 22:49:39 Software Distribution Service 3.0
    29-10-2014 23:21:33 System Checkpoint
    29-10-2014 23:23:16 Software Distribution Service 3.0
    31-10-2014 00:21:49 System Checkpoint
    31-10-2014 01:12:30 Software Distribution Service 3.0
    31-10-2014 23:23:04 Software Distribution Service 3.0
    01-11-2014 23:47:16 Software Distribution Service 3.0
    02-11-2014 23:35:15 Software Distribution Service 3.0
    03-11-2014 10:09:58 Software Distribution Service 3.0
    04-11-2014 00:14:40 Software Distribution Service 3.0
    05-11-2014 00:42:05 System Checkpoint
    06-11-2014 01:13:00 System Checkpoint
    06-11-2014 01:56:08 Software Distribution Service 3.0
    06-11-2014 23:58:07 Software Distribution Service 3.0
    08-11-2014 00:22:44 System Checkpoint
    08-11-2014 00:53:13 Software Distribution Service 3.0
    09-11-2014 00:13:28 Software Distribution Service 3.0
    10-11-2014 00:21:48 Software Distribution Service 3.0
    10-11-2014 09:59:24 Software Distribution Service 3.0
    11-11-2014 11:14:41 System Checkpoint
    12-11-2014 00:17:21 Software Distribution Service 3.0
    13-11-2014 00:57:43 System Checkpoint
    13-11-2014 04:52:14 Software Distribution Service 3.0
    14-11-2014 05:11:36 Software Distribution Service 3.0
    14-11-2014 20:28:31 Software Distribution Service 3.0
    15-11-2014 08:06:20 Software Distribution Service 3.0
    15-11-2014 21:06:45 Software Distribution Service 3.0
    16-11-2014 21:22:06 Software Distribution Service 3.0
    17-11-2014 12:12:04 Software Distribution Service 3.0
    17-11-2014 21:35:04 Software Distribution Service 3.0
    18-11-2014 22:18:20 System Checkpoint
    19-11-2014 20:26:36 Software Distribution Service 3.0
    20-11-2014 22:43:56 System Checkpoint
    21-11-2014 16:20:03 Software Distribution Service 3.0
    22-11-2014 16:33:06 Software Distribution Service 3.0
    23-11-2014 16:53:36 System Checkpoint
    23-11-2014 18:32:20 Software Distribution Service 3.0
    24-11-2014 09:13:08 Software Distribution Service 3.0
    24-11-2014 16:45:41 Software Distribution Service 3.0
    25-11-2014 16:55:35 System Checkpoint
    25-11-2014 17:59:51 Software Distribution Service 3.0
    26-11-2014 17:41:54 Software Distribution Service 3.0
    27-11-2014 20:07:32 Software Distribution Service 3.0
    28-11-2014 16:27:03 Software Distribution Service 3.0
    29-11-2014 17:26:24 System Checkpoint
    29-11-2014 19:33:16 Software Distribution Service 3.0
    30-11-2014 20:22:45 Software Distribution Service 3.0
    01-12-2014 07:17:00 Software Distribution Service 3.0
    01-12-2014 19:39:47 Software Distribution Service 3.0
    04-12-2014 00:18:26 System Checkpoint
    04-12-2014 03:09:46 Removed Apple Application Support
    04-12-2014 03:12:56 Removed Apple Software Update
    04-12-2014 03:19:23 Removed QuickTime
    04-12-2014 03:50:31 Removed Windows Live Sign-in Assistant
    05-12-2014 05:25:43 System Checkpoint
    06-12-2014 01:49:04 Software Distribution Service 3.0
    07-12-2014 18:45:11 Software Distribution Service 3.0
    07-12-2014 23:45:09 avast! antivirus system restore point
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2011-10-06 11:38 - 2011-10-07 10:24 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exeOwner$Task for execution of hpbdfawep.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 1.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 3.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F88E048E-B866-4852-A9E1-B67483BEB339}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-12-08 17:19 - 2014-12-08 17:19 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120801\algo.dll
    2003-08-02 23:20 - 2003-08-02 22:20 - 00126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
    2002-08-02 00:19 - 1998-12-21 03:35 - 00024576 _____ () C:\Program Files\Compaq\Easy Access Button Support\BttnSeps.dll
    2014-12-07 18:47 - 2014-12-07 18:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-11-26 11:18 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
    2014-11-26 11:15 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
    2014-11-26 11:20 - 2014-11-25 01:39 - 14910280 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41753$:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk => C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\WINDOWS\pss\ERUNT AutoBackup.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\WINDOWS\pss\OpenOffice.org 3.0.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk => C:\WINDOWS\pss\SpywareGuard.lnkStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1187716252\ee\AOLSoftware.exe
    MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    MSCONFIG\startupreg: HPHmon04 => C:\WINDOWS\System32\hphmon04.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
    MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    MSCONFIG\startupreg: Microsoft Works Update Detection => c:\Program Files\Microsoft Works\WkDetect.exe
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Recguard => C:\WINDOWS\SMINST\RECGUARD.EXE
    MSCONFIG\startupreg: srmclean => C:\Cpqs\Scom\srmclean.exe
    MSCONFIG\startupreg: StorageGuard => "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: TkBellExe => C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2234620177-1887795725-650978795-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-2234620177-1887795725-650978795-1006 - Limited - Enabled)
    Guest (S-1-5-21-2234620177-1887795725-650978795-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-2234620177-1887795725-650978795-1005 - Limited - Disabled)
    LogMeInRemoteUser (S-1-5-21-2234620177-1887795725-650978795-1007 - Administrator - Enabled)
    Owner (S-1-5-21-2234620177-1887795725-650978795-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
    SUPPORT_388945a0 (S-1-5-21-2234620177-1887795725-650978795-1002 - Limited - Disabled)
    SUPPORT_b326ad0c (S-1-5-21-2234620177-1887795725-650978795-1004 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Compaq Easy Access PS2 Internet Keyboard
    Description: Compaq Easy Access PS2 Internet Keyboard
    Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Compaq Computer Corporation
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (12/08/2014 05:12:52 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
      Enrollment will not be performed.
     
    Error: (12/08/2014 05:12:50 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
    Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
     
    Error: (12/07/2014 09:24:57 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
      Enrollment will not be performed.
     
    Error: (12/07/2014 09:24:48 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
    Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
     
     
    System errors:
    =============
    Error: (12/08/2014 05:13:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    viaagp1
     
    Error: (12/08/2014 05:13:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
    %%3
     
    Error: (12/08/2014 05:12:51 PM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: No Domain Controller is available for domain AD due to the following: 
    %%1311.
     
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
     
    Error: (12/07/2014 09:26:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    viaagp1
     
    Error: (12/07/2014 09:26:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
    %%3
     
    Error: (12/07/2014 09:24:47 PM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: No Domain Controller is available for domain AD due to the following: 
    %%1311.
     
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
     
    Error: (12/07/2014 09:24:32 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume1
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/08/2014 05:12:52 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
    Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.
     
    Error: (12/08/2014 05:12:50 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
    Description: The specified domain either does not exist or could not be contacted.
     
    Error: (12/07/2014 09:24:57 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
    Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.
     
    Error: (12/07/2014 09:24:48 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
    Description: The specified domain either does not exist or could not be contacted.
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 2.00GHz
    Percentage of memory in use: 60%
    Total physical RAM: 510.52 MB
    Available physical RAM: 200.58 MB
    Total Pagefile: 1248.48 MB
    Available Pagefile: 695.87 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1945.43 MB
     
    ==================== Drives ================================
     
    Drive c: (PRESARIO) (Fixed) (Total:55.93 GB) (Free:33.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 55.9 GB) (Disk ID: FCB1EC06)
    Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    OTL logfile created on: 12/8/2014 6:07:57 p. m. - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    510.52 Mb Total Physical Memory | 322.81 Mb Available Physical Memory | 63.23% Memory free
    1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.27% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.93 Gb Total Space | 33.71 Gb Free Space | 60.28% Space Free | Partition Type: NTFS
     
    Computer Name: YOUR-PA86Z1I3G7 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/12/07 18:48:58 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
    PRC - [2014/12/07 18:47:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/12/05 21:34:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/10/25 06:07:55 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/09/10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
    PRC - [2002/06/17 20:14:38 | 000,090,112 | ---- | M] (Compaq) -- C:\Compaq\EAKDRV\EAUSBKBD.exe
    PRC - [2002/04/14 06:29:58 | 000,438,272 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
    PRC - [2001/12/15 00:01:24 | 000,032,768 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
    PRC - [2001/03/23 21:34:10 | 000,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\BttnServ.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/12/08 17:19:56 | 002,905,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14120801\algo.dll
    MOD - [2014/12/07 18:47:44 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
    MOD - [1998/12/21 03:35:36 | 000,024,576 | ---- | M] () -- C:\Program Files\compaq\Easy Access Button Support\BttnSeps.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2014/12/07 18:47:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/11/26 05:20:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/10/01 14:14:22 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/25 06:07:55 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
    SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2002/05/24 12:46:14 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
    SRV - [2002/05/17 02:30:12 | 000,262,144 | ---- | M] (NeoPlanet) [Disabled | Stopped] -- C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\AMERIC~2.0\ATWPKT2.SYS -- (ATWPKT2)
    DRV - [2014/12/07 18:49:01 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/12/07 18:48:56 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/12/07 18:47:49 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/12/07 18:47:49 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/12/07 18:47:49 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/12/07 18:47:49 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/12/07 18:47:49 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/12/07 18:47:48 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2014/12/04 21:22:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/15 23:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
    DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2002/07/13 06:27:04 | 000,155,008 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2002/05/24 12:46:14 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
    DRV - [2002/05/24 12:46:14 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
    DRV - [2002/05/24 12:46:14 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
    DRV - [2001/08/10 03:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)
    DRV - [2001/08/08 15:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2001/08/08 15:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2001/08/08 15:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2001/08/08 15:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2001/08/08 15:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2001/08/08 15:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2001/08/08 15:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2001/08/08 15:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2001/08/08 15:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2001/08/08 15:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [1999/10/30 00:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {958A91A2-C0A5-4125-BE5C-0CC04963DADE}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{958A91A2-C0A5-4125-BE5C-0CC04963DADE}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo! (Avast)"
    FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
    FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
    FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! (Avast)"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.yahoo.co...st&type=agc511"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "https://search.yahoo.com/yhs/search"
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/07 18:47:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/12/03 22:17:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/12/03 22:17:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/09/24 08:05:47 | 000,000,000 | ---D | M]
     
    [2008/12/17 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2014/12/07 23:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions
    [2014/12/07 23:23:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/11/08 10:59:43 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    [2014/12/07 23:22:54 | 000,979,699 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/11/08 10:59:52 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\aol-search.xml
    [2014/12/07 21:14:12 | 000,009,405 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\yahoo-avast.xml
    [2014/10/01 14:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/10/01 14:15:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/10/01 14:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2014/10/01 14:08:37 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    [2011/10/25 06:08:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
     
    ========== Chrome  ==========
     
    CHR - default_search_provider:  (Enabled)
    CHR - default_search_provider: search_url = 
    CHR - default_search_provider: suggest_url = 
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - default_search_provider: 5E465C779E5DB8612D77535A0F1FB4C5C1FE0C4E799F16E184A78BC355CCE684 (Enabled)
    CHR - default_search_provider: search_url = 19C3F72EEC30C07CD4FAC62A54F2DC900B6D7CDF568B4A95C70792A9B0D4F661
    CHR - default_search_provider: suggest_url = 
    CHR - homepage: BA7925A63BFC82F1BB785872B440FF709DFC6795F046B640942C190250AED6BD
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: Avast Online Security = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
     
    O1 HOSTS File: ([2011/10/07 10:24:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)
    O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\Coloreal\coloreal.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: RemindU. - C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm ()
    O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ad.pewtarex.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{800B941B-1605-49D1-A59E-567F4C06CBA9}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/05/29 11:35:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/08/01 21:46:53 | 000,000,000 | ---- | M] () - C:\autoexec.PU_ -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/12/08 17:58:54 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/12/08 17:58:10 | 001,111,040 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
    [2014/12/07 21:15:18 | 002,480,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\procexp.exe
    [2014/12/07 20:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
    [2014/12/07 18:49:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
    [2014/12/07 18:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    [2014/12/07 18:48:05 | 000,057,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2014/12/07 18:48:04 | 000,423,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
    [2014/12/07 18:48:03 | 000,070,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2014/12/07 18:48:02 | 000,055,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2014/12/07 18:47:59 | 000,787,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
    [2014/12/07 18:47:54 | 000,291,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2014/12/07 18:47:46 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2014/12/07 18:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/12/07 14:31:00 | 132,469,808 | ---- | C] (AVAST Software) -- C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup (1).exe
    [2014/12/05 21:34:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2014/12/04 22:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2014/12/04 22:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2014/12/04 22:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2014/12/04 22:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/12/03 23:27:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2014/12/03 21:37:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/12/08 18:20:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/12/08 18:19:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/12/08 18:15:45 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F88E048E-B866-4852-A9E1-B67483BEB339}.job
    [2014/12/08 17:55:48 | 001,111,040 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
    [2014/12/08 17:26:07 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/12/08 17:25:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
    [2014/12/08 17:14:38 | 000,000,191 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2014/12/08 17:14:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/12/08 17:14:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/12/08 17:13:51 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/12/08 17:12:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/12/08 17:12:27 | 535,392,256 | -HS- | M] () -- C:\hiberfil.sys
    [2014/12/07 21:57:39 | 000,000,181 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2014/12/07 21:14:15 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2014/12/07 18:49:12 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    [2014/12/07 18:49:01 | 000,787,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
    [2014/12/07 18:48:56 | 000,423,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
    [2014/12/07 18:47:49 | 000,206,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/12/07 18:47:49 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2014/12/07 18:47:49 | 000,057,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2014/12/07 18:47:49 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/12/07 18:47:49 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/12/07 18:47:48 | 000,055,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2014/12/07 18:47:46 | 000,291,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2014/12/07 18:47:46 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2014/12/07 18:39:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2014/12/07 14:40:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2014/12/07 14:33:39 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\VEW.exe
    [2014/12/07 14:33:35 | 132,469,808 | ---- | M] (AVAST Software) -- C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup (1).exe
    [2014/12/07 14:33:29 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\procexp.exe
    [2014/12/05 21:34:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2014/12/04 22:35:36 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/12/04 21:22:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2014/12/03 22:17:17 | 000,000,012 | ---- | M] () -- C:\WINDOWS\msoffice.ini
    [2014/12/03 21:53:21 | 000,147,514 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20141203_215310.reg
    [2014/11/26 12:19:40 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/11/26 05:20:30 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2014/11/26 05:20:29 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2014/11/20 11:31:14 | 000,444,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/11/20 11:31:14 | 000,073,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/12/08 17:25:49 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
    [2014/12/07 21:20:37 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\VEW.exe
    [2014/12/07 18:49:12 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    [2014/12/07 18:48:53 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/12/07 18:48:05 | 000,206,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/12/07 18:48:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/12/07 18:48:02 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/12/04 22:35:36 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/12/03 22:01:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2014/12/03 21:53:15 | 000,147,514 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20141203_215310.reg
    [2014/07/02 11:53:44 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2013/05/29 11:43:15 | 000,061,504 | ---- | C] () -- C:\WINDOWS\System32\licensemanager.exe
    [2013/05/29 11:43:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
    [2013/05/29 11:43:15 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
    [2013/05/29 11:43:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\smtls32.dll
    [2013/05/29 11:43:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
    [2013/05/29 11:43:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\Lftif60n.dll
    [2013/05/29 11:43:06 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\Ltfil60n.dll
    [2013/05/29 11:43:06 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp60n.dll
    [2013/05/29 11:43:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd60n.dll
    [2013/05/29 11:43:06 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga60n.dll
    [2013/05/29 11:43:06 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf60n.dll
    [2013/05/29 11:43:05 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\Lffax60n.dll
    [2013/05/29 11:43:05 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp60n.dll
    [2013/05/29 11:43:05 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng60n.dll
    [2013/05/29 11:43:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx60n.dll
    [2013/05/29 11:43:05 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfpct60n.dll
    [2013/05/29 11:43:05 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps60n.dll
    [2013/05/29 11:43:05 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg60n.dll
    [2013/05/29 11:43:05 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp60n.dll
    [2013/05/29 11:43:05 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac60n.dll
    [2013/05/29 11:43:04 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\Regsvr16.exe
    [2013/05/29 11:38:39 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
    [2011/10/21 19:41:19 | 000,010,445 | ---- | C] () -- C:\Documents and Settings\Owner\datastore.INTEG.RAW
    [2011/10/11 09:07:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{8AF1CB84-6885-4017-BD07-F0BEC571FE26}
    [2011/10/05 15:54:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2011/10/04 15:13:15 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
    [2009/10/14 08:58:09 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2005/08/02 08:55:14 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/03/10 10:20:27 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Owner\plugin131.trace
    [2003/07/10 12:07:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
    [2002/08/02 00:08:45 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Owner\oobecmt.ini
    [2002/08/01 22:04:15 | 000,006,905 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt
    [2002/08/01 22:04:15 | 000,006,892 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
     
    ========== ZeroAccess Check ==========
     
    [2009/02/11 14:01:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Custom Scans ==========
     
    < MD5 for: VIAAGP1.SYS  >
    [2002/03/04 13:10:00 | 000,027,648 | ---- | M] (VIA Technologies, Inc.) MD5=099F10C7B9D4C7A2BF48D4C6ECA1E7F1 -- C:\hp\drivers\video\S3_VIA\VIAAGP1.SYS
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
     
    < End of report >
     

     



    #7
    RKinner


      Malware Expert

    • Expert
    • 20,019 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 2 Runtime Environment Standard Edition v1.3.1 
    Java™ 6 Update 13 
    Java™ 6 Update 7 
    Java™ 7 Update 1 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
     
    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
     
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
     
     

    How is it running now?



    #8
    jp17315


      Member

    • Topic Starter
    • Member
    • 127 posts

    Computer is a lot more responsive - Google did not take long to load. I deleted Java and did not install. Only thing I have not done is open the computer up and look inside. Will do tomorrow. Here's the logs.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2014
    Ran by Owner at 2014-12-09 22:02:34 Run:1
    Running from C:\Documents and Settings\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    ProxyServer: localhost:21320
    BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKCU - No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} -  No File
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-07-04] ()
    S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]
    S3 hpqwmiex; 
    C:\ProgramData\PKP_DLeo.DAT
    C:\ProgramData\PKP_DLes.DAT
    C:\ProgramData\PKP_DLet.DAT
    C:\ProgramData\PKP_DLev.DAT
    C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
    Task: {3E61AE64-0809-4D19-91FC-E89602101DDD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-10-15] (IObit)
    Task: {43906D32-72F8-4EB9-84FD-22471AA0884A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-11-04] (IObit)
    Task: {496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
    Task: {6B026375-BCB7-498B-ACA9-EBD05EEF8CC6} - \BackgroundContainer Startup Task No Task File
    Task: {77D02D23-2882-4103-A493-8B4BB916D478} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\Autoupdate.exe [2013-06-20] ()
    Task: {F8781616-5534-4F40-A524-9D3E273A72BB} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-11-01] (IObit)
    Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
     
    *****************
     
    HKU\ProxyServer: localhost:21320\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
    "HKCR\CLSID\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)" => Key not found.
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) => Error: No automatic fix found for this entry.
    \\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    \\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => Value not found.
    "HKCR\CLSID\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2}" => Key not found.
    LiveUpdateSvc => Service not found.
    WinRing0_1_2_0 => Service not found.
    SmartDefragDriver => Service not found.
    HOSTS Anti-PUPs => Service not found.
    hpqwmiex => Service not found.
    "C:\ProgramData\PKP_DLeo.DAT" => File/Directory not found.
    "C:\ProgramData\PKP_DLes.DAT" => File/Directory not found.
    "C:\ProgramData\PKP_DLet.DAT" => File/Directory not found.
    "C:\ProgramData\PKP_DLev.DAT" => File/Directory not found.
    "C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E61AE64-0809-4D19-91FC-E89602101DDD}" => Key not found.
    C:\Windows\System32\Tasks\SmartDefrag_Startup not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43906D32-72F8-4EB9-84FD-22471AA0884A}" => Key not found.
    C:\Windows\System32\Tasks\Driver Booster Update not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{496F03FD-5FFF-4E1B-9D8D-DFD96131FAFE}" => Key not found.
    C:\Windows\System32\Tasks\Driver Booster Scan not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B026375-BCB7-498B-ACA9-EBD05EEF8CC6}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77D02D23-2882-4103-A493-8B4BB916D478}" => Key not found.
    C:\Windows\System32\Tasks\Game_Booster_AutoUpdate not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8781616-5534-4F40-A524-9D3E273A72BB}" => Key not found.
    C:\Windows\System32\Tasks\SmartDefragUpdate not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefragUpdate" => Key not found.
    C:\Windows\Tasks\Driver Booster Update.job not found.
     
    ==== End of Fixlog ====
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2014
    Ran by Owner (administrator) on YOUR-PA86Z1I3G7 on 09-12-2014 22:19:53
    Running from C:\Documents and Settings\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (VERITAS Software, Inc.) C:\WINDOWS\system32\dla\tfswctrl.exe
    (Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
    (Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
    (Compaq) C:\Compaq\EAKDRV\EAUSBKBD.exe
    (Compaq Computer Corporation) C:\PROGRA~1\compaq\EASYAC~1\BttnServ.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [106549 2002-07-16] (VERITAS Software, Inc.)
    HKLM\...\Run: [WCOLOREAL] => C:\Program Files\COMPAQ\Coloreal\coloreal.exe [143360 2002-02-20] ()
    HKLM\...\Run: [CPQEASYACC] => C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [32768 2001-12-15] (Compaq Computer Corporation)
    HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
    HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872 2011-12-24] (Malwarebytes Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-07] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 1
    HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
    Lsa: [Notification Packages]  scecli scecli
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2234620177-1887795725-650978795-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-2234620177-1887795725-650978795-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
    HKU\S-1-5-21-2234620177-1887795725-650978795-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
    SearchScopes: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 -> DefaultScope {958A91A2-C0A5-4125-BE5C-0CC04963DADE} URL = http://search.yahoo....=utf-8&fr=b1ie7
    SearchScopes: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 -> {958A91A2-C0A5-4125-BE5C-0CC04963DADE} URL = http://search.yahoo....=utf-8&fr=b1ie7
    BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll ()
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
    Toolbar: HKU\S-1-5-21-2234620177-1887795725-650978795-1003 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
    DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} 
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
    ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2234620177-1887795725-650978795-1003: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\aol-search.xml
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\searchplugins\yahoo-avast.xml
    FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-12-07]
    FF Extension: AOL Toolbar - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2013-11-08]
    FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-24]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-23]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-07]
    FF HKU\S-1-5-21-2234620177-1887795725-650978795-1003\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Owner\Application Data\Move Networks
    FF Extension: Move Media Player - C:\Documents and Settings\Owner\Application Data\Move Networks [2009-09-23]
     
    Chrome: 
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
    CHR Extension: (Avast Online Security) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-07]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-07] (AVAST Software)
    S4 Compaq_RBA; C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe [262144 2002-05-17] (NeoPlanet) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [652872 2011-12-24] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
    S3 Pml Driver HPH11; C:\WINDOWS\System32\HPHipm11.exe [77824 2002-05-24] (HP)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
    R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-07] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-07] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-07] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-07] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-07] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-07] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-07] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-07] ()
    R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
    S3 Dot4 HPH11; C:\WINDOWS\System32\DRIVERS\hphid411.sys [50896 2002-05-24] (HP)
    S3 Dot4Print HPH11; C:\WINDOWS\System32\DRIVERS\hphipr11.sys [16112 2002-05-24] (HP)
    S3 Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [18928 2002-05-24] (HP)
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [81552 2002-06-05] (VERITAS Software, Inc.) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40368 2002-06-06] (VERITAS Software, Inc.) [File not signed]
    R3 eaps2kbd; C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [24035 2001-12-28] (Compaq Computer Corp.)
    R1 EAWDMFD; C:\WINDOWS\System32\DRIVERS\eawdmfd.sys [24348 1999-10-30] (Compaq Computer Corporation)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-04-15] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-04-15] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-04-15] (HP)
    S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [158140 2001-08-08] (Intel® Corporation)
    S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12479 2001-08-08] (Intel® Corporation)
    S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12031 2001-08-08] (Intel® Corporation)
    S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11679 2001-08-08] (Intel® Corporation)
    S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [11999 2001-08-08] (Intel® Corporation)
    S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19359 2001-08-08] (Intel® Corporation)
    S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29215 2001-08-08] (Intel® Corporation)
    S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19199 2001-08-08] (Intel® Corporation)
    S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33503 2001-08-08] (Intel® Corporation)
    S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23519 2001-08-08] (Intel® Corporation)
    R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [625537 2003-03-31] (LT)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation) [File not signed]
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-12-04] (Malwarebytes Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [16288 2002-04-18] (VERITAS Software, Inc.) [File not signed]
    R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [155008 2002-07-13] (S3 Graphics, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5589 2002-06-19] (VERITAS Software, Inc.) [File not signed]
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [22995 2002-06-19] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [23701 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34805 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2201 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [54900 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14421 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6325 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [91156 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [95125 2002-07-16] (VERITAS Software, Inc.) [File not signed]
    S3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22608 2001-08-10] (America Online, Inc.)
    S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [90336 2002-05-22] (Intel Corporation)
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [69504 2002-05-22] (Intel Corporation)
    S3 ATWPKT2; \??\C:\PROGRA~1\AMERIC~2.0\ATWPKT2.SYS [X]
    S4 hpt3xx; No ImagePath
    S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S0 viaagp1; System32\DRIVERS\viaagp1.sys [X]
    S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
    U1 WS2IFSL; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-09 19:19 - 2014-12-09 19:19 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2014-12-09 16:11 - 2014-12-09 22:13 - 00000316 _____ () C:\WINDOWS\Tasks\HP WEP.job
    2014-12-08 18:03 - 2014-12-08 18:04 - 00028298 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
    2014-12-08 17:59 - 2014-12-09 22:20 - 00020258 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
    2014-12-08 17:58 - 2014-12-09 22:20 - 00000000 ____D () C:\FRST
    2014-12-08 17:58 - 2014-12-08 17:55 - 01111040 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
    2014-12-07 21:59 - 2014-12-07 22:00 - 00395363 _____ () C:\Documents and Settings\Owner\Desktop\YOUR-PA86Z1I3G7.txt
    2014-12-07 21:57 - 2014-12-07 21:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-12-07 21:57 - 2014-12-07 21:57 - 00000000 _____ () C:\WINDOWS\setupact.log
    2014-12-07 21:55 - 2014-12-07 21:55 - 00002358 _____ () C:\Documents and Settings\Owner\Desktop\VEW.txt
    2014-12-07 21:20 - 2014-12-07 21:20 - 00005212 _____ () C:\Documents and Settings\Owner\Desktop\procexp.TXT
    2014-12-07 21:20 - 2014-12-07 14:33 - 00061440 _____ ( ) C:\Documents and Settings\Owner\Desktop\VEW.exe
    2014-12-07 21:15 - 2014-12-07 14:33 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Owner\Desktop\procexp.exe
    2014-12-07 20:26 - 2014-12-07 20:26 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVAST Software
    2014-12-07 18:49 - 2014-12-07 18:49 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2014-12-07 18:49 - 2014-12-07 18:49 - 00000000 ____D () C:\WINDOWS\jumpshot.com
    2014-12-07 18:49 - 2014-12-07 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
    2014-12-07 18:48 - 2014-12-09 18:48 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-12-07 18:48 - 2014-12-07 18:48 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-12-07 18:48 - 2014-12-07 18:47 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-12-07 18:47 - 2014-12-07 18:49 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2014-12-07 18:47 - 2014-12-07 18:47 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-12-07 18:47 - 2014-12-07 18:47 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-12-07 18:45 - 2014-12-07 18:45 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-12-07 14:31 - 2014-12-07 14:33 - 132469808 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup (1).exe
    2014-12-05 21:44 - 2014-12-05 21:44 - 00046178 _____ () C:\Documents and Settings\Owner\Desktop\Extras.Txt
    2014-12-05 21:43 - 2014-12-08 18:31 - 00079706 _____ () C:\Documents and Settings\Owner\Desktop\OTL.Txt
    2014-12-05 21:34 - 2014-12-05 21:34 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Owner\Desktop\OTL.exe
    2014-12-04 22:59 - 2014-12-04 22:59 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2014-12-04 22:35 - 2014-12-07 18:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-04 22:35 - 2014-12-04 22:35 - 00001744 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-12-04 22:35 - 2014-12-04 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-12-04 22:35 - 2014-12-04 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2014-12-03 23:27 - 2014-12-04 21:22 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-12-03 22:02 - 2014-12-07 21:57 - 00004788 _____ () C:\WINDOWS\setupapi.log
    2014-12-03 22:01 - 2014-12-03 22:17 - 00000012 _____ () C:\WINDOWS\msoffice.ini
    2014-12-03 21:53 - 2014-12-03 21:53 - 00147514 _____ () C:\Documents and Settings\Owner\Desktop\cc_20141203_215310.reg
    2014-11-25 15:30 - 2014-11-25 15:23 - 00615062 _____ () C:\Documents and Settings\Owner\Desktop\BECKY1.TXT
    2014-11-25 15:30 - 2014-11-25 15:22 - 01358890 _____ () C:\Documents and Settings\Owner\Desktop\BECKY.TXT
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-09 22:22 - 2011-10-23 17:02 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F88E048E-B866-4852-A9E1-B67483BEB339}.job
    2014-12-09 22:22 - 2011-10-19 20:27 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
    2014-12-09 22:20 - 2011-08-27 09:21 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-09 22:19 - 2013-02-04 07:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-12-09 21:46 - 2011-10-07 10:23 - 01669655 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-12-09 21:09 - 2014-10-01 14:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-12-09 19:19 - 2013-02-04 07:29 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-09 19:19 - 2011-08-27 09:19 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-12-09 16:01 - 2002-11-13 17:37 - 00000191 _____ () C:\WINDOWS\system\hpsysdrv.DAT
    2014-12-09 16:00 - 2002-08-01 21:32 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-12-09 15:59 - 2014-04-09 08:09 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-12-09 15:59 - 2011-08-27 09:21 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-09 15:56 - 2011-10-07 11:55 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2014-12-09 15:56 - 2011-10-07 11:55 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-12-09 15:56 - 2002-08-01 21:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-12-08 22:41 - 2011-10-07 11:52 - 00032382 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-12-08 18:44 - 2002-08-01 21:51 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-12-07 23:26 - 2011-10-23 21:17 - 00001024 ____H () C:\WINDOWS\system32\default_user_class.dat.LOG
    2014-12-07 21:57 - 2014-07-02 11:53 - 00000181 _____ () C:\WINDOWS\hpbafd.ini
    2014-12-07 21:54 - 2011-10-20 21:39 - 00002358 _____ () C:\VEW.txt
    2014-12-07 21:14 - 2011-09-26 08:22 - 00000778 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-12-07 21:14 - 2008-12-17 09:47 - 00000778 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-12-07 20:28 - 2011-10-25 20:02 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    2014-12-07 18:45 - 2011-10-07 11:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-12-07 18:39 - 2002-08-01 21:33 - 00000327 __RSH () C:\boot.ini
    2014-12-07 18:39 - 2002-08-01 21:32 - 00000743 _____ () C:\WINDOWS\win.ini
    2014-12-07 18:39 - 2002-08-01 21:32 - 00000285 _____ () C:\WINDOWS\system.ini
    2014-12-07 14:40 - 2011-10-05 15:06 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
    2014-12-07 14:04 - 2011-10-19 20:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-12-04 21:06 - 2006-12-04 09:17 - 00000000 __SHD () C:\WINDOWS\CSC
    2014-12-03 23:24 - 2002-01-01 00:25 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-12-03 23:22 - 2002-01-01 00:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-12-03 22:50 - 2002-08-01 14:37 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-12-03 22:20 - 2011-11-17 15:21 - 00000000 ____D () C:\Program Files\QuickTime
    2014-12-03 22:02 - 2004-01-14 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
    2014-12-03 22:02 - 2002-11-26 21:34 - 00000000 ____D () C:\Program Files\Common Files\AOL
    2014-12-03 21:37 - 2003-09-15 09:17 - 00000000 __SHD () C:\Documents and Settings\Owner\UserData
    2014-12-03 21:37 - 2002-08-01 21:51 - 00000000 ____D () C:\Documents and Settings\Owner
    2014-12-02 11:13 - 2002-08-01 21:42 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2014-11-26 12:19 - 2011-08-27 09:23 - 00001879 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-11-20 11:31 - 2002-08-01 14:37 - 00527394 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-20 11:25 - 2003-03-17 15:53 - 00000000 ____D () C:\WINDOWS\pss
    2014-11-15 04:11 - 2013-07-25 02:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-15 03:11 - 2005-05-21 14:31 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\temp\uninst.dll
    C:\Documents and Settings\Owner\Local Settings\temp\vmpremov.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-12-2014
    Ran by Owner at 2014-12-09 22:22:27
    Running from C:\Documents and Settings\Owner\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    32 Bit HP CIO Components Installer (Version: 2.1.4 - Hewlett-Packard) Hidden
    Actinic Catalog 3 (HKLM\...\Actinic Catalog v3) (Version: 3.10.1.0.1.9INB - Actinic Software Ltd.)
    Actiontec USB/Ethernet Home DSL Modem (HKLM\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )
    Adobe Download Manager 2.0 (Remove Only) (HKLM\...\AdobeESD) (Version: 2.0 - )
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
    Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
    Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
    BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
    Coloreal (HKLM\...\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}) (Version:  - )
    Compaq Advisor (HKLM\...\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}) (Version:  - )
    Corel WinDVD (Version: 11 - Corel Inc.) Hidden
    Corel WinDVD Pro 11 (HKLM\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
    Crystal Reports for PFW (HKLM\...\{7699B723-9718-41DE-8C18-549F341C02CE}) (Version: 8.5.0.2175 - Seagate Software, Inc.)
    DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 3.50 - VERITAS Software)
    Easy Access Button Support (HKLM\...\{93539D60-1817-11D1-9504-00805F26A89C}) (Version:  - )
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet P1500 series (HKLM\...\HP LaserJet P1500 series) (Version:  - )
    HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4 (HKLM\...\{8A558B0C-541D-47e0-A177-8635CE723B07}) (Version: 11.0 - HP)
    HPCarePackCore (HKLM\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
    HPCarePackProducts (Version: 1.0.0.1 - HP) Hidden
    hppMSRedist (Version: 1.00.0000 - Hewlett-Packard) Hidden
    hppusgP1500 (Version: 000.000.00003 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
    ICA (Version: 1.0 - Corel Inc.) Hidden
    Inactive HP Printer Drivers (Remove only) (HKLM\...\Inactive HP Printer Drivers (Remove only)) (Version:  - )
    Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    InterVideo WinDVD (HKLM\...\{C1939820-A945-11D4-86F6-0001031E5712}) (Version:  - InterVideo Inc.)
    IPM (Version: 1.00.0000 - Corel Inc.) Hidden
    Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
    Macromedia Dreamweaver MX (HKLM\...\{8B4AB829-DFD3-436D-B808-D9733D76C590}) (Version: 6.0 - Macromedia)
    Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
    Malwarebytes Anti-Malware version 1.60.0.1800 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.0.1800 - Malwarebytes Corporation)
    MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
    Move Media Player (HKU\S-1-5-21-2234620177-1887795725-650978795-1003\...\Move Media Player) (Version:  - Move Networks)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    OpenOffice.org 3.3 (HKLM\...\{ED23E382-E5E3-4E21-B616-01FC59A40916}) (Version: 3.3.9567 - OpenOffice.org)
    Pervasive.SQL 2000 Client (SP3) (HKLM\...\Pervasive.SQL 2000 Client) (Version:  - )
    PFW File Associations (HKLM\...\PFW95Files) (Version:  - )
    Photosmart 130,230,7150,7345,7350,7550 (Remove only) (HKLM\...\hphuni04) (Version:  - )
    Platinum for Windows by Best (HKLM\...\Platinum for Windows by Best) (Version:  - )
    PS_AIO_04_C5500_Software (Version: 110.0.209.000 - Hewlett-Packard) Hidden
    PS_AIO_04_C5500_Software_Min (Version: 110.0.209.000 - Hewlett-Packard) Hidden
    Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
    Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
    RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )
    RecordNow (HKLM\...\{8214CC02-6271-4DC8-B8DD-779933450264}) (Version: 4.10 - VERITAS Software)
    RecordNow Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.70 - VERITAS Software)
    S3Display (HKLM\...\S3Display) (Version:  - )
    S3Gamma2 (HKLM\...\S3Gamma2) (Version:  - )
    S3Info2 (HKLM\...\S3Info2) (Version:  - )
    S3Overlay (HKLM\...\S3Overlay) (Version:  - )
    Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden
    Setup (Version: 11.0 - Corel Inc.) Hidden
    Shipping Assistant 3.6 (HKLM\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 3.6.80.0 - United States Postal Service)
    Simple Adblock (HKLM\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
    SpywareBlaster 4.4 (HKLM\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
    SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
    WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
    WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-2234620177-1887795725-650978795-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
     
    ==================== Restore Points  =========================
     
    24-10-2014 20:10:21 Software Distribution Service 3.0
    25-10-2014 20:10:06 Software Distribution Service 3.0
    26-10-2014 20:10:22 Software Distribution Service 3.0
    27-10-2014 06:14:35 Software Distribution Service 3.0
    27-10-2014 20:10:12 Software Distribution Service 3.0
    28-10-2014 21:49:59 System Checkpoint
    28-10-2014 22:49:39 Software Distribution Service 3.0
    29-10-2014 23:21:33 System Checkpoint
    29-10-2014 23:23:16 Software Distribution Service 3.0
    31-10-2014 00:21:49 System Checkpoint
    31-10-2014 01:12:30 Software Distribution Service 3.0
    31-10-2014 23:23:04 Software Distribution Service 3.0
    01-11-2014 23:47:16 Software Distribution Service 3.0
    02-11-2014 23:35:15 Software Distribution Service 3.0
    03-11-2014 10:09:58 Software Distribution Service 3.0
    04-11-2014 00:14:40 Software Distribution Service 3.0
    05-11-2014 00:42:05 System Checkpoint
    06-11-2014 01:13:00 System Checkpoint
    06-11-2014 01:56:08 Software Distribution Service 3.0
    06-11-2014 23:58:07 Software Distribution Service 3.0
    08-11-2014 00:22:44 System Checkpoint
    08-11-2014 00:53:13 Software Distribution Service 3.0
    09-11-2014 00:13:28 Software Distribution Service 3.0
    10-11-2014 00:21:48 Software Distribution Service 3.0
    10-11-2014 09:59:24 Software Distribution Service 3.0
    11-11-2014 11:14:41 System Checkpoint
    12-11-2014 00:17:21 Software Distribution Service 3.0
    13-11-2014 00:57:43 System Checkpoint
    13-11-2014 04:52:14 Software Distribution Service 3.0
    14-11-2014 05:11:36 Software Distribution Service 3.0
    14-11-2014 20:28:31 Software Distribution Service 3.0
    15-11-2014 08:06:20 Software Distribution Service 3.0
    15-11-2014 21:06:45 Software Distribution Service 3.0
    16-11-2014 21:22:06 Software Distribution Service 3.0
    17-11-2014 12:12:04 Software Distribution Service 3.0
    17-11-2014 21:35:04 Software Distribution Service 3.0
    18-11-2014 22:18:20 System Checkpoint
    19-11-2014 20:26:36 Software Distribution Service 3.0
    20-11-2014 22:43:56 System Checkpoint
    21-11-2014 16:20:03 Software Distribution Service 3.0
    22-11-2014 16:33:06 Software Distribution Service 3.0
    23-11-2014 16:53:36 System Checkpoint
    23-11-2014 18:32:20 Software Distribution Service 3.0
    24-11-2014 09:13:08 Software Distribution Service 3.0
    24-11-2014 16:45:41 Software Distribution Service 3.0
    25-11-2014 16:55:35 System Checkpoint
    25-11-2014 17:59:51 Software Distribution Service 3.0
    26-11-2014 17:41:54 Software Distribution Service 3.0
    27-11-2014 20:07:32 Software Distribution Service 3.0
    28-11-2014 16:27:03 Software Distribution Service 3.0
    29-11-2014 17:26:24 System Checkpoint
    29-11-2014 19:33:16 Software Distribution Service 3.0
    30-11-2014 20:22:45 Software Distribution Service 3.0
    01-12-2014 07:17:00 Software Distribution Service 3.0
    01-12-2014 19:39:47 Software Distribution Service 3.0
    04-12-2014 00:18:26 System Checkpoint
    04-12-2014 03:09:46 Removed Apple Application Support
    04-12-2014 03:12:56 Removed Apple Software Update
    04-12-2014 03:19:23 Removed QuickTime
    04-12-2014 03:50:31 Removed Windows Live Sign-in Assistant
    05-12-2014 05:25:43 System Checkpoint
    06-12-2014 01:49:04 Software Distribution Service 3.0
    07-12-2014 18:45:11 Software Distribution Service 3.0
    07-12-2014 23:45:09 avast! antivirus system restore point
    09-12-2014 01:03:32 System Checkpoint
    10-12-2014 02:09:36 Removed Java™ 6 Update 12
    10-12-2014 02:30:54 Removed Java™ 6 Update 7
    10-12-2014 02:38:58 Removed Java™ 7 Update 1
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2011-10-06 11:38 - 2011-10-07 10:24 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exeOwner$Task for execution of hpbdfawep.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 1.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 3.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F88E048E-B866-4852-A9E1-B67483BEB339}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-12-09 15:59 - 2014-12-09 15:59 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120901\algo.dll
    2003-08-02 23:20 - 2003-08-02 22:20 - 00126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
    2002-08-02 00:19 - 1998-12-21 03:35 - 00024576 _____ () C:\Program Files\Compaq\Easy Access Button Support\BttnSeps.dll
    2014-12-07 18:47 - 2014-12-07 18:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\WINDOWS\$NtUninstallKB41753$:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk => C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\WINDOWS\pss\ERUNT AutoBackup.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\WINDOWS\pss\OpenOffice.org 3.0.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk => C:\WINDOWS\pss\SpywareGuard.lnkStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1187716252\ee\AOLSoftware.exe
    MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    MSCONFIG\startupreg: HPHmon04 => C:\WINDOWS\System32\hphmon04.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
    MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    MSCONFIG\startupreg: Microsoft Works Update Detection => c:\Program Files\Microsoft Works\WkDetect.exe
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Recguard => C:\WINDOWS\SMINST\RECGUARD.EXE
    MSCONFIG\startupreg: srmclean => C:\Cpqs\Scom\srmclean.exe
    MSCONFIG\startupreg: StorageGuard => "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: TkBellExe => C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2234620177-1887795725-650978795-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-2234620177-1887795725-650978795-1006 - Limited - Enabled)
    Guest (S-1-5-21-2234620177-1887795725-650978795-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-2234620177-1887795725-650978795-1005 - Limited - Disabled)
    LogMeInRemoteUser (S-1-5-21-2234620177-1887795725-650978795-1007 - Administrator - Enabled)
    Owner (S-1-5-21-2234620177-1887795725-650978795-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
    SUPPORT_388945a0 (S-1-5-21-2234620177-1887795725-650978795-1002 - Limited - Disabled)
    SUPPORT_b326ad0c (S-1-5-21-2234620177-1887795725-650978795-1004 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Compaq Easy Access PS2 Internet Keyboard
    Description: Compaq Easy Access PS2 Internet Keyboard
    Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Compaq Computer Corporation
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 2.00GHz
    Percentage of memory in use: 50%
    Total physical RAM: 510.52 MB
    Available physical RAM: 254.42 MB
    Total Pagefile: 1248.48 MB
    Available Pagefile: 974.41 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1928.1 MB
     
    ==================== Drives ================================
     
    Drive c: (PRESARIO) (Fixed) (Total:55.93 GB) (Free:33.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 55.9 GB) (Disk ID: FCB1EC06)
    Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

     



    #9
    RKinner


      Malware Expert

    • Expert
    • 20,019 posts
    • MVP

    Copy the next lines:

     

    sc delete ATWPKT2
    sc delete hpt3xx
    sc delete LMIInfo
    sc delete LMIRfsClientNP
    sc delete wanatw
    sc delete WS2IFSL
    copy \hp\drivers\video\S3_VIA\VIAAGP1.SYS \windows\System32\DRIVERS\viaagp1.sys
     
    Start, All Programs, Accessories, Command Prompt.  Right click and Paste or Edit then Paste and the copied lines should appear.  Hit Enter.  Did you get any error messages?


    #10
    jp17315


      Member

    • Topic Starter
    • Member
    • 127 posts

    Yes I got an error message:

     

    sc delete WS2IFSL

    [SC] opensource failed 1060:

    The specified service does not exist as an installed service.




    #11
    RKinner


      Malware Expert

    • Expert
    • 20,019 posts
    • MVP

    OK.  

     

    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
     
    Reboot. 
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop (if you haven't already).
    2. Double-click VEW.exe
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning
     
    Then use the 'Number of events' as follows:
     
    1. Click the radio button for 'Number of events'
       Type 20 in the 1 to 20 box
       Then click the Run button.
       Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     


    #12
    jp17315


      Member

    • Topic Starter
    • Member
    • 127 posts

    here is the log

     

    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 10/12/2014 8:55:20 p. m.
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 10/12/2014 8:53:33 p. m.
    Type: error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load:  viaagp1 
     
    Log: 'System' Date/Time: 10/12/2014 8:52:17 p. m.
    Type: error Category: 0
    Event: 5719 Source: NETLOGON
    No Domain Controller is available for domain AD due to the following:  There are currently no logon servers available to service the logon request. .  Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    #13
    RKinner


      Malware Expert

    • Expert
    • 20,019 posts
    • MVP

    Since it doesn't seem to be important, let's just tell it not to try to run the viaagp1 driver.

     

     get autoruns from

     
    Download, Save and Run the program.  Once it finishes its scan, look under Drivers for viaagp1 and uncheck it.  Then close Autoruns.  That will stop it from trying to load.
     
    It should boot fairly quickly now and run at its normal speed.  Does it?


    #14
    jp17315


      Member

    • Topic Starter
    • Member
    • 127 posts

    OK, I did it, and it seems to boot quicker. When I ran Autoruns, under Drivers there were 11 drivers that are highlighted yellow saying file not found. Should I uncheck them as well?



    #15
    RKinner


      Malware Expert

    • Expert
    • 20,019 posts
    • MVP

    Yes.

