My computer may be infected with koobface

koobface hacked remote access takeover


#1
wreekhavoc


Greetings,

I was recently given a link by a friend (who has since had the same problem) to download a song by Prince. I went to the site; once I clicked on the link for the download, a page with the AT&T logo pops up and I hear a bell sound. A recording comes on telling me my service is being interrupted because AT&T is picking up that my computer has been targeted and the line could be damaged, which they could then charge me to repair the line. It looked legit. There was a number to call for Tech Support. I called the number and then the red flag. The person who answered told me they were working for another company who is hired by AT&T through Microsoft in order to fix these kinds of problems. Mind you, this was all happening as I was leaving for work. I thought I would be listening to a Prince song on my way, but now my computer is being hacked. They had me open up the command line and type in a number of commands. I didn't think to write any of this down (stupid me). Eventually they told me I needed to go to one of two websites for tech support, but it will cost me $249.99 at Right Help Desk and $229.99 at Cyber Tech Help. I believe the telephone number I was prompted to call was 1-888-403-7230. Before I could give them permission to access my computer remotely, I saw my cursor moving and windows were opening and closing. I had managed to get the real AT&T on the phone by stalling with the hackers. The real AT&T tech told me to shut down the computer and unplug the internet line. I would now have to get my computer serviced by a local tech or re-install my OS (Windows XP). I ended up trying system restore and the computer seems fine now; however, I just want to be sure there are no remnants of malware or anything the hackers could've left behind to alert them that my computer is back online.

 

Here are both FRST.txt and Addition.txt logs.

Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-05-2016 02
Ran by HP_Administrator (administrator) on NAKAMI (06-05-2016 10:58:40)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\imapi.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\WINDOWS\system32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2005-09-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-10] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-03] (Sonic Solutions)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-09-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2807808 2005-09-21] (RealTek Semicoductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-03-04] (Agere Systems)
HKLM\...\Run: [UpdatePSTShortCut] => "C:\Program Files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Media Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [UpdateLBPShortCut] => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\...\Run: [UCam_Menu] => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\...\Run: [UpdateP2GoShortCut] => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\7.0"
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-06-24] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-10] (ATI Technologies Inc.)
Winlogon\Notify\GoToAssist Express Customer:
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Run: [Spotify Web Helper] => C:\Documents and Settings\HP_Administrator\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-01-06] (Spotify Ltd)
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\space.scr [7093760 2004-08-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe [2003-09-30] (Hewlett-Packard)
BootExecute: autocheck autochk * SsiEfr.e

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{851C140C-E6EC-4521-B00A-3B6B83A56BF6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
URLSearchHook: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110626&user_guid=FD9EA4BBD8914B69A4137887540C8B68&machine_id=ae9c155223e984dbed7b1be58818983b&browser=IE&os=win&os_version=5.1-x86-SP3
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {B69C22F5-7773-4177-89FF-61BFB58E2445} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {F39FCA2F-421E-42AE-B7EE-5F038CE7DD7B} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll => No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> __BHODemonDisabled => No File
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll => No File
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-27] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: SidebarAutoLaunch Class -> {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -> C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03] (Yahoo! Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn17\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21] (Hewlett-Packard Company)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll No File
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-27] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21] (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {49232000-16E4-426C-A231-62846947304B} hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://by135w.bay135.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} hxxp://download.abacast.com/download/files/abasetup163.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} hxxp://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [No File]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~1\MEADCO~1\npmeadax.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-06-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-06-24] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @tools.google.com/Google Update;version=2 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\user.js [2015-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-09-25] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-06-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-06-24] (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\searchplugins\bing-zugo.xml [2011-06-25]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-26] [not signed]
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-24] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-03-01]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\[email protected] [2016-05-06]
FF Extension: Media Converter and Muxer - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\[email protected] [2016-04-10]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-09-13] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak [2016-04-11] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2 [2016-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-06-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Beatlab) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2015-04-21]
CHR Extension: (Kaspersky Protection) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-10-30]
CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-16]
CHR Extension: (Until AM for Chrome) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-27] (Kaspersky Lab ZAO)
S2 gupdate1c9c9d71833ca6e; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-02] (HP) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
S4 TabletService; C:\WINDOWS\system32\Tablet.exe [942080 2006-08-30] (Wacom Technology, Corp.) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
S4 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) [File not signed]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BCMNTIO; C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS [3744 2004-03-05] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cinemsup; C:\WINDOWS\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions) [File not signed]
R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [57712 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [66976 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [150408 2015-11-27] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [44216 2015-11-27] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [766360 2016-03-01] (AO Kaspersky Lab)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [36024 2015-06-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [37040 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [39304 2015-11-27] (AO Kaspersky Lab)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [73912 2015-06-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R2 MAPMEM; C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS [3904 2004-03-05] () [File not signed]
R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Nsynas32; C:\WINDOWS\system32\Drivers\Nsynas32.sys [17784 2000-06-16] (Syncrosoft Hard- und Software GmbH) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
S3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [18048 2009-06-26] (Prolific Technology Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
R1 sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [55168 2006-01-03] (Macrovision Europe Ltd) [File not signed]
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [229888 2004-09-29] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [12928 2004-09-24] (Silicon Integrated Systems Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25723 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86138 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14715 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-08-03] (Sonic Solutions) [File not signed]
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2009-05-06] (EnTech Taiwan) [File not signed]
S3 110df677-84f6-4876-9ba3-3ff35ca08517; \??\F:\Player\cds300.dll [X]
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 PLTurbh; system32\drivers\plturbh.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 10:58 - 2016-05-06 10:58 - 00000000 ____D C:\FRST
2016-05-03 03:03 - 2016-05-03 03:03 - 00122880 _____ C:\WINDOWS\Minidump\Mini050316-01.dmp
2016-05-03 02:04 - 2008-02-29 00:57 - 13171256 _____ C:\Documents and Settings\HP_Administrator\My Documents\DNS1200_ENGLISH.pdf
2016-04-29 16:42 - 2016-04-29 17:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeIn Rescue Applet
2016-04-21 13:24 - 2016-04-21 13:24 - 00000073 _____ C:\Documents and Settings\HP_Administrator\My Documents\erotic city link.txt
2016-04-13 17:59 - 2016-04-13 17:59 - 00002949 _____ C:\Documents and Settings\HP_Administrator\My Documents\Alkalizing foods.txt
2016-04-11 18:50 - 2016-04-13 00:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 10:59 - 2005-03-25 02:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2016-05-06 10:51 - 2014-01-15 12:27 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-05-06 10:51 - 2014-01-15 12:27 - 00001824 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-05-06 10:51 - 2009-06-30 10:53 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-06 10:02 - 2013-01-10 21:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-06 09:58 - 2014-10-28 15:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2016-05-06 09:10 - 2004-11-04 17:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-06 08:54 - 2016-02-02 09:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job
2016-05-06 08:54 - 2015-12-06 22:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job
2016-05-06 08:53 - 2009-03-19 14:35 - 00000444 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FE3CB99-92E6-4DAE-A627-DA855E22B17F}.job
2016-05-06 08:49 - 2005-03-24 23:42 - 00000189 _____ C:\WINDOWS\system\hpsysdrv.DAT
2016-05-06 08:48 - 2004-11-05 01:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-06 08:48 - 2004-11-05 00:25 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-04 14:22 - 2013-10-29 03:39 - 01031214 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2502786744-1622484038-505356971-1008-0.dat
2016-05-04 14:22 - 2013-10-28 21:53 - 00235022 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-05-04 14:22 - 2005-03-25 02:12 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2016-05-04 14:22 - 2004-11-05 01:56 - 00031962 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-04 13:55 - 2015-05-17 22:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job
2016-05-04 13:55 - 2014-11-12 18:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job
2016-05-04 12:54 - 2015-07-15 13:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job
2016-05-04 12:27 - 2004-11-05 00:28 - 00000279 ___SH C:\boot.ini
2016-05-04 12:27 - 2004-11-05 00:25 - 00000678 _____ C:\WINDOWS\win.ini
2016-05-04 12:27 - 2004-11-05 00:25 - 00000300 _____ C:\WINDOWS\system.ini
2016-05-04 00:46 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
2016-05-03 22:54 - 2015-02-07 14:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job
2016-05-03 21:55 - 2015-09-14 20:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job
2016-05-03 20:55 - 2015-08-30 12:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job
2016-05-03 18:55 - 2009-06-30 10:53 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-03 17:56 - 2014-10-17 18:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job
2016-05-03 15:23 - 2014-08-29 14:46 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-05-03 15:22 - 2007-01-23 15:09 - 02928318 _____ C:\WINDOWS\ntbtlog.txt
2016-05-03 14:31 - 2007-06-10 11:10 - 00000000 ____D C:\Program Files\Hijackthis
2016-05-03 03:43 - 2015-08-09 07:35 - 00000000 ____D C:\Program Files\lg_fwupdate
2016-05-03 03:43 - 2012-07-12 01:43 - 00000338 _____ C:\WINDOWS\lgfwup.ini
2016-05-03 03:03 - 2005-05-12 13:40 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-03 02:13 - 2006-05-10 18:38 - 01292078 ___SH C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db
2016-05-03 02:04 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents
2016-05-03 01:32 - 2014-10-13 19:47 - 00002443 _____ C:\Documents and Settings\HP_Administrator\Desktop\DDJ Music Manager.lnk
2016-04-30 19:54 - 2005-03-25 02:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator
2016-04-30 19:44 - 2015-06-12 10:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-30 18:33 - 2005-04-05 00:58 - 00081920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2016-04-30 18:25 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\My Music
2016-04-30 17:52 - 2013-09-17 21:06 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-30 17:52 - 2013-09-14 15:59 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-30 15:11 - 2006-11-28 17:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-04-30 13:02 - 2007-05-20 16:00 - 00000000 ____D C:\Documents and Settings\Guest
2016-04-30 13:02 - 2004-11-05 01:57 - 00000000 ____D C:\Documents and Settings\Administrator
2016-04-30 13:02 - 2004-11-05 01:56 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-04-30 13:02 - 2004-11-05 01:56 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-04-30 13:01 - 2004-11-05 01:44 - 00000000 ____D C:\WINDOWS\Registration
2016-04-30 12:47 - 2004-11-05 01:57 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2016-04-30 12:45 - 2010-10-18 10:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-04-29 17:41 - 2013-08-11 10:59 - 00000330 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-29 16:42 - 2009-03-29 06:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Deployment
2016-04-28 17:57 - 2016-01-06 22:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Spotify
2016-04-28 17:56 - 2016-01-06 22:37 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Spotify
2016-04-28 04:44 - 2012-08-05 23:55 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-26 17:32 - 2013-01-14 08:19 - 00000348 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-13 07:06 - 2013-04-02 20:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-12 18:48 - 2013-07-31 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 18:33 - 2005-05-12 03:00 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-10 20:44 - 2012-04-06 10:59 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-10 20:43 - 2011-05-13 08:18 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-08 15:00 - 2014-03-11 17:51 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-04-07 20:42 - 2005-03-25 23:48 - 00000196 _____ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

==================== Files in the root of some directories =======

2005-04-16 00:53 - 2005-04-16 00:53 - 0000251 ____C () C:\Program Files\wt3d.ini
2014-09-25 00:54 - 2015-12-15 21:14 - 0000395 _____ () C:\Documents and Settings\HP_Administrator\Application Data\FotoSketcher.ini
2005-03-25 23:48 - 2016-04-07 20:42 - 0000196 _____ () C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2006-04-11 06:45 - 2007-01-25 15:38 - 0025074 ____C () C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2005-03-25 13:42 - 2008-05-18 22:39 - 0007156 ____C () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2005-03-25 03:21 - 2015-10-14 10:58 - 0168960 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-03-25 02:12 - 2005-03-25 02:45 - 0000139 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2011-11-02 13:27 - 2011-11-02 13:27 - 0017408 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\WebpageIcons.db
2004-11-05 04:15 - 2009-10-06 11:46 - 0015140 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-08-03 01:11 - 2007-12-29 15:17 - 0002917 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Files to move or delete:
====================
C:\Documents and Settings\HP_Administrator\fix.reg
C:\Documents and Settings\HP_Administrator\g2ax_customer_downloadhelper_win32_x86.exe
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job


Some files in TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp20rr8d.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DUNZIP32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{4BF13721-0387-4DC4-8711-6F0163C5B4DD}.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\rnupdate0.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RT150809.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-05-2016 02
Ran by HP_Administrator (2016-05-06 11:00:57)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-03-25 09:11:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2502786744-1622484038-505356971-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2502786744-1622484038-505356971-1009 - Limited - Enabled)
Guest (S-1-5-21-2502786744-1622484038-505356971-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2502786744-1622484038-505356971-1007 - Limited - Disabled)
HP_Administrator (S-1-5-21-2502786744-1622484038-505356971-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
IUSR_NAKAMI (S-1-5-21-2502786744-1622484038-505356971-1011 - Limited - Enabled)
IWAM_NAKAMI (S-1-5-21-2502786744-1622484038-505356971-1012 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-2502786744-1622484038-505356971-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2502786744-1622484038-505356971-1006 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Abacast Client (HKLM\...\Abacast Client) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage 2 (HKLM\...\{12766F00-807F-4978-8D24-FDD0A3D60EE4}) (Version: 2.6.0 - Ambient Design)
ArtRage 2.2 (HKLM\...\ArtRage_is1) (Version:  - Ambient Design Ltd)
ArtRage Studio (HKLM\...\{DAE9A7CF-8619-482A-82CA-6D7F5D400239}) (Version: 3.5.5 - Ambient Design)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5125 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CheckIt  Diagnostics (HKLM\...\CheckIt  Diagnostics) (Version: 7.1 - Smith Micro Software, Inc.)
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Dassault Systemes Software Prerequisites x86 (HKLM\...\{42C4AFF5-EFAA-433B-9DED-076FF8B0B833}) (Version: 8.1.2 - Dassault Systemes)
DDJMMAN (HKLM\...\{4DC44CCC-3248-44D7-A655-E13FEE6F5FB9}) (Version: 1.2.3 - DENON_DJ)
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.10 - BVRP Software)
Filter Forge 1.021 (HKLM\...\Filter Forge_is1) (Version:  - Filter Forge, Inc.)
FotoSketcher 3.20 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Free Video To Audio Converter 2014 4.6.1 (HKLM\...\Free Video To Audio Converter 2014_is1) (Version:  - FAEMedia Co., Ltd.)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
getPlus®_ocx (HKLM\...\getPlus®_ocx) (Version:  - )
G-Force (HKLM\...\G-Force) (Version: 3.5.6 - SoundSpectrum)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20100830 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Hijackthis 1.99.1 (HKLM\...\Hijackthis_is1) (Version:  - Soeperman Enterprises Ltd)
HP Connections XP (HKLM\...\{DCA27D8C-8144-4CF3-9A38-920548C06ED5}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.01.001 - Hewlett-Packard Company)
HP Image Zone Plus 4.2.3 (HKLM\...\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}) (Version: 4.2.3 - HP)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Software Update (HKLM\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HP Solution Center and Imaging Support Tools 6.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 6.0 - HP)
HP Tunes (HKLM\...\{D54193B7-D2DF-4977-B546-86CA48DB214E}) (Version: 2.1.0.5 - Hewlett-Packard Company)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HPHDiscovery (Version: 1.0.0.0 - Hewlett-Packard) Hidden
HPIZ423 (Version: 42.2.3 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 60.0.155.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.382 - InterVideo Inc.)
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
iTunes (HKLM\...\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}) (Version: 10.3.1.55 - Apple Inc.)
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LG CyberLink LabelPrint (Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (Version: 8.0.2808 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG CyberLink YouCam (Version: 2.0.3718 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe  1.4.62.1 (Version: 1.4.62.1 - hxxp://www.lightscribe.com) Hidden
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
MyFonts Order M3653804 (HKLM\...\{D5091BF6-A839-E388-A6F0-09F79D5CE6E7}) (Version: 1.0 - MyFonts.com, Inc.)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
nik Color Efex Pro 2.0 IE (HKLM\...\nik Color Efex Pro 2.0 IE) (Version:  - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PanoStandAlone (Version: 60.0.155.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
SolutionCenter (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 1.5.0 - Sonic Solutions)
Sonic CinePlayer (HKLM\...\{26792CA7-D87A-4DBE-896B-C2F66B344511}) (Version: 2.0.0 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 1.5.0 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 1.5.0 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic MyDVD Studio Deluxe (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Status (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Steinberg Cubase VST (HKLM\...\Steinberg Cubase VST) (Version:  - )
Steinberg Halion (HKLM\...\Steinberg Halion) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tablet (HKLM\...\Tablet Driver) (Version:  - Wacom Technology Corp.)
The Font Thing (HKLM\...\The Font Thing) (Version:  - )
Tomb Raider III (HKLM\...\Tomb Raider III) (Version:  - )
TrayApp (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Universal Media Player (HKLM\...\Universal Media Player) (Version:  - )
Unload (Version: 6.1.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
USBFast (HKLM\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.23 - Prolific Technology Inc.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! SiteBuilder (HKLM\...\Yahoo! SiteBuilder) (Version: 2.2.0 - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{0C378864-D5C4-4D9C-854C-432E3BEC9CCB}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{152F97BA-E8EA-4FDC-B9BB-32589B6AD4F0}\localserver32 -> F:\__CDS.exe => No File
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{17E67D4A-23A1-40D8-A049-EE34C0AF756A}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{294E9835-D0F1-4815-8C52-3C08FBB1403E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{36385AE6-F389-41E3-97DF-7412F61418F8}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{42C68651-1700-4750-A81F-A1F5110E0F66}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{4774922A-8983-4ECC-94FD-7235F06F53A1}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{59B15028-399E-4B6D-A5F3-A8D7BFE17E1B}\InprocServer32 -> C:\Program Files\Hp\Common\HPeSupport.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{5A494E87-262C-4340-A539-2FAC0A85D935}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{5E6F22B3-7DF6-4C64-8AD0-1A6CC1351085}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{60178279-6D62-43AF-A336-77925651A4C6}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{63B3EC14-9F70-4129-B935-46EFB37013E8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeSupport.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{6470DE80-1635-4B5D-93A3-3701CE148A79}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{684E4896-6EFC-4A3D-B967-6105894A6796}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{6D84BC07-7979-4E59-9589-17E1E5A8FF55}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{784F2933-6BDD-4E5F-B1BA-A8D99B603649}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{7CB9D4F5-C492-42A4-93B1-3F7D6946470D}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{7DB9052D-4CDD-45F7-9EDF-8FE44F19678B}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{910E7ADE-7F75-402D-A4A6-BB1A82362FCA}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{93441C07-E57E-4086-B912-F323D741A9D8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{9986CC36-7FA8-4E9A-ADE1-E197FCC5484B}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{A95845D8-8463-4605-B5FB-4F8CFBAC5C47}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{AB049B11-607B-46C8-BBF7-F4D6AF301046}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{AB237044-8A3B-42BB-9EE1-9BFA6721D9ED}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B00FBC78-73CB-4216-8D01-96770CC020C3}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HpuFunction.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B5201019-B9A8-411C-A7AC-CEA856A63C00}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B9C13CD0-5A97-4C6B-8A50-7638020E2462}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BC2971B9-2A4F-44C8-8D7F-04E027544828}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BC31D83D-B1F3-4B73-A8BF-6FE416AA8F85}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HpuFunction.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BE65189A-4770-47A0-9B7B-68827DB1C317}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BF931895-AF82-467A-8819-917C6EE2D1F3}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{C70D0641-DDE1-4FD7-A4D4-DA187B80741D}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{C94188F6-0F9F-46B3-8B78-D71907BD8B77}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{CDAF9CEC-F3EC-4B22-ABA3-9726713560F8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{CF6866F9-B67C-4B24-9957-F91E91E788DC}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DC4F9DA0-DB05-4BB0-8FB2-03A80FE98772}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DE233AFF-8BD5-457E-B7F0-702DBEA5A828}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DF1F1C17-6A29-45FB-A3C6-9825908E062E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{E12DA4F2-BDFB-4EAD-B12F-2725251FA6B0}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{EA084E0F-B62E-406E-B672-CE909626918B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\HPBasicDetection3.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FA9C5110-071C-4964-9DD0-610806FF0F81}\InprocServer32 -> C:\Program Files\HP\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FE3CB99-92E6-4DAE-A627-DA855E22B17F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job => E:\.

I right-clicked on properties for both the CD-ROM and the DVD-RW drives to make sure the settings are correct for opening the drive when a disc is inserted. I have the autoplay set to prompt me each time to choose an action, but the CD drive never opens when the disc is inserted. I have changed both settings to "Select an action to perform", and that is set to play through my Windows Media Player, but nothing happens. I have to open the disc up by clicking on the drive and opening it up manually. The strange thing is, I can copy the files by using my RecordNow software by Roxio. I would prefer the disc to open up when I insert it into the drive. I am wondering if there is any infection in my computer that may be switching my settings and/or functions, causing my machine to act this way.

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\Update SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\update.bat ()

ShortcutWithArgument: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\Yahoo! SiteBuilder2.6-J.lnk -> C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://sitebuilder.yahoo.com/sitebuilder/webstart/sitebuilder.jnlp "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57\26ab71b9-5c632978"
ShortcutWithArgument: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Yahoo! Mail.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi10
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Adobe Store.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/adobespring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Keep Media.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/keepspring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\NetSmartz.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/smartzspring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Online File Sharing.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/filesharespring05"

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\WINDOWS\system32\PSIService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2004-11-26 01:58 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\zip.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\zip.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 [104]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7881 more sites.

There are 4172 more sites.

There are 4172 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-11-05 00:24 - 2014-01-29 22:10 - 00449956 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

There are 15461 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Driver Mender => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e => C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
MSCONFIG\startupreg: HPHmon06 => C:\WINDOWS\system32\hphmon06.exe
MSCONFIG\startupreg: HPHUPD06 => "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LGODDFU => "C:\Program Files\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Search Protection => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Uploader => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
MSCONFIG\startupreg: Yahoo! Pager => C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
MSCONFIG\startupreg: YBrowser => C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\livecall.exe] => Enabled:Windows Live Messenger (Phone)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\interMute\SpySubtract\SpySub.exe] => Enabled:SpySubtract
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:HP Software Update Client
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Enabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe] => Disabled:Adobe Photoshop Elements Media Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe] => Enabled:Veoh Web Player
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\yserver.exe] => Disabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPAGER.EXE] => Disabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe] => Enabled:Kaspersky Anti-Virus
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [8888:TCP] => Enabled:BiuHTTP

==================== Restore Points =========================

04-02-2016 23:29:56 System Checkpoint
06-02-2016 09:39:28 System Checkpoint
08-02-2016 11:37:41 System Checkpoint
09-02-2016 15:48:43 System Checkpoint
09-02-2016 18:26:04 Software Distribution Service 3.0
11-02-2016 16:32:25 System Checkpoint
12-02-2016 16:48:46 System Checkpoint
13-02-2016 17:32:25 System Checkpoint
14-02-2016 18:40:30 System Checkpoint
15-02-2016 23:38:45 System Checkpoint
17-02-2016 08:46:36 System Checkpoint
18-02-2016 18:16:22 System Checkpoint
20-02-2016 11:02:27 System Checkpoint
22-02-2016 11:12:20 System Checkpoint
23-02-2016 12:31:21 System Checkpoint
25-02-2016 02:56:00 System Checkpoint
26-02-2016 20:07:45 System Checkpoint
28-02-2016 10:11:57 System Checkpoint
29-02-2016 22:47:44 System Checkpoint
01-03-2016 19:14:16 First Restore Point
03-03-2016 11:14:47 System Checkpoint
05-03-2016 12:09:03 System Checkpoint
06-03-2016 23:50:31 System Checkpoint
08-03-2016 10:49:31 System Checkpoint
09-03-2016 09:00:17 Software Distribution Service 3.0
10-03-2016 14:20:36 System Checkpoint
12-03-2016 08:46:34 System Checkpoint
14-03-2016 12:33:52 System Checkpoint
15-03-2016 16:19:26 System Checkpoint
17-03-2016 23:03:24 System Checkpoint
19-03-2016 17:18:44 System Checkpoint
21-03-2016 00:03:18 System Checkpoint
22-03-2016 09:45:50 System Checkpoint
24-03-2016 00:03:18 System Checkpoint
25-03-2016 16:18:50 System Checkpoint
29-03-2016 10:12:48 System Checkpoint
30-03-2016 18:44:28 System Checkpoint
01-04-2016 11:14:36 System Checkpoint
02-04-2016 14:40:27 System Checkpoint
03-04-2016 20:59:43 System Checkpoint
05-04-2016 05:56:54 System Checkpoint
06-04-2016 21:44:40 System Checkpoint
08-04-2016 01:24:46 System Checkpoint
10-04-2016 23:01:54 System Checkpoint
12-04-2016 04:40:13 System Checkpoint
12-04-2016 18:32:56 Software Distribution Service 3.0
14-04-2016 18:29:06 System Checkpoint
15-04-2016 21:08:25 System Checkpoint
18-04-2016 06:00:39 System Checkpoint
19-04-2016 11:25:42 System Checkpoint
20-04-2016 16:55:22 System Checkpoint
22-04-2016 16:13:59 System Checkpoint
24-04-2016 07:09:13 System Checkpoint
25-04-2016 18:55:46 System Checkpoint
27-04-2016 00:48:47 System Checkpoint
28-04-2016 13:06:44 System Checkpoint
29-04-2016 18:57:28 System Checkpoint
30-04-2016 13:00:55 Restore Operation
01-05-2016 23:09:48 System Checkpoint
03-05-2016 01:23:52 System Checkpoint
04-05-2016 12:16:35 System Checkpoint
06-05-2016 09:10:05 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 02:53:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The server name or address could not be resolved

Error: (05/03/2016 03:08:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (05/03/2016 03:08:05 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (04/27/2016 12:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 45.0.2.5941, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/26/2016 05:19:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.2.5941, faulting module mozglue.dll, version 45.0.2.5941, fault address 0x0000ec22.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/21/2016 05:06:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application realconverter.exe, version 16.0.3.51, faulting module unknown, version 0.0.0.0, fault address 0x485c7367.
Processing media-specific event for [realconverter.exe!ws!]

Error: (04/18/2016 06:39:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 45.0.2.5941, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2016 01:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/25/2016 04:54:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/10/2016 04:09:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 44.0.2.5884, faulting module mozglue.dll, version 44.0.2.5884, fault address 0x0000ed3b.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (05/06/2016 09:58:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/06/2016 09:58:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/06/2016 08:50:41 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/04/2016 12:27:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/04/2016 12:43:59 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (05/04/2016 12:43:51 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (05/04/2016 12:43:44 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (05/03/2016 10:46:28 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/03/2016 03:30:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/03/2016 03:25:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 2047.29 MB
Available physical RAM: 948.31 MB
Total Virtual: 3388.63 MB
Available Virtual: 2323.48 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:226.12 GB) (Free:59.79 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.74 GB) (Free:0.67 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 5FE34B69)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=0B)
Partition 2: (Active) - (Size=226.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by wreekhavoc, 06 May 2016 - 12:45 PM.
