
computer was hacked remotely, possible koobface infection


55 replies to this topic

#1 Goldwood


Posted 06 May 2016 - 03:23 PM

Greetings,

I was recently given a link by a friend (who has since had the same problem) to download a song by Prince. I went to the site; once I clicked on the link for the download, a page with the AT&T logo pops up and I hear a bell sound. A recording comes on telling me my service is being interrupted because AT&T is picking up that my computer has been targeted and the line could be damaged, which they could then charge me to repair the line. It looked legit. There was a number to call for Tech Support. I called the number and then the red flag. The person who answered told me they were working for another company who is hired by AT&T through Microsoft in order to fix these kinds of problems. Mind you, this was all happening as I was leaving for work; I thought I would be listening to a Prince song on my way, but now my computer is being hacked. They had me open up the command line and type in a number of commands. I didn't think to write any of this down (stupid me). Eventually they told me I needed to go to one of two websites for tech support but it will cost me $249.99 at Right Help Desk and $229.99 at Cyber Tech Help. I believe the telephone number I was prompted to call was 1-888-403-7230. Before I could give them permission to access my computer remotely, I saw my cursor moving and windows were opening and closing. I had managed to get the real AT&T on the phone by stalling with the hackers. The real AT&T tech told me to shut down the computer and unplug the internet line. I would now have to get my computer serviced by a local tech or re-install my OS (Windows XP). I ended up trying system restore and the computer seems fine now; however, I just want to be sure there are no remnants of malware or anything the hackers could've left behind to alert them that my computer is back online.

 

Here are the FRST and Addition logs as requested.

Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-05-2016 02
Ran by HP_Administrator (administrator) on NAKAMI (06-05-2016 10:58:40)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\imapi.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\WINDOWS\system32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2005-09-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-10] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-03] (Sonic Solutions)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-09-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2807808 2005-09-21] (RealTek Semicoductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-03-04] (Agere Systems)
HKLM\...\Run: [UpdatePSTShortCut] => "C:\Program Files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Media Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [UpdateLBPShortCut] => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\...\Run: [UCam_Menu] => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\...\Run: [UpdateP2GoShortCut] => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\7.0"
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-06-24] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-10] (ATI Technologies Inc.)
Winlogon\Notify\GoToAssist Express Customer:
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Run: [Spotify Web Helper] => C:\Documents and Settings\HP_Administrator\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-01-06] (Spotify Ltd)
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\space.scr [7093760 2004-08-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe [2003-09-30] (Hewlett-Packard)
BootExecute: autocheck autochk * SsiEfr.e

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{851C140C-E6EC-4521-B00A-3B6B83A56BF6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
URLSearchHook: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110626&user_guid=FD9EA4BBD8914B69A4137887540C8B68&machine_id=ae9c155223e984dbed7b1be58818983b&browser=IE&os=win&os_version=5.1-x86-SP3
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {B69C22F5-7773-4177-89FF-61BFB58E2445} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {F39FCA2F-421E-42AE-B7EE-5F038CE7DD7B} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll => No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> __BHODemonDisabled => No File
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll => No File
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-27] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: SidebarAutoLaunch Class -> {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -> C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03] (Yahoo! Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn17\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21] (Hewlett-Packard Company)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll No File
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-27] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21] (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {49232000-16E4-426C-A231-62846947304B} hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://by135w.bay135.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} hxxp://download.abacast.com/download/files/abasetup163.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} hxxp://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [No File]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~1\MEADCO~1\npmeadax.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-06-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-06-24] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @tools.google.com/Google Update;version=2 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\user.js [2015-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-09-25] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-06-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-06-24] (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\searchplugins\bing-zugo.xml [2011-06-25]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-26] [not signed]
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-24] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-03-01]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-05-06]
FF Extension: Media Converter and Muxer - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2016-04-10]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-09-13] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-04-11] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-06-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Beatlab) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2015-04-21]
CHR Extension: (Kaspersky Protection) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-10-30]
CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-16]
CHR Extension: (Until AM for Chrome) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-27] (Kaspersky Lab ZAO)
S2 gupdate1c9c9d71833ca6e; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-02] (HP) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
S4 TabletService; C:\WINDOWS\system32\Tablet.exe [942080 2006-08-30] (Wacom Technology, Corp.) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
S4 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) [File not signed]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BCMNTIO; C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS [3744 2004-03-05] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cinemsup; C:\WINDOWS\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions) [File not signed]
R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [57712 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [66976 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [150408 2015-11-27] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [44216 2015-11-27] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [766360 2016-03-01] (AO Kaspersky Lab)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [36024 2015-06-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [37040 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [39304 2015-11-27] (AO Kaspersky Lab)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [73912 2015-06-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R2 MAPMEM; C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS [3904 2004-03-05] () [File not signed]
R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Nsynas32; C:\WINDOWS\system32\Drivers\Nsynas32.sys [17784 2000-06-16] (Syncrosoft Hard- und Software GmbH) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
S3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [18048 2009-06-26] (Prolific Technology Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
R1 sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [55168 2006-01-03] (Macrovision Europe Ltd) [File not signed]
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [229888 2004-09-29] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [12928 2004-09-24] (Silicon Integrated Systems Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25723 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86138 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14715 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-08-03] (Sonic Solutions) [File not signed]
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2009-05-06] (EnTech Taiwan) [File not signed]
S3 110df677-84f6-4876-9ba3-3ff35ca08517; \??\F:\Player\cds300.dll [X]
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 PLTurbh; system32\drivers\plturbh.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 10:58 - 2016-05-06 10:58 - 00000000 ____D C:\FRST
2016-05-03 03:03 - 2016-05-03 03:03 - 00122880 _____ C:\WINDOWS\Minidump\Mini050316-01.dmp
2016-05-03 02:04 - 2008-02-29 00:57 - 13171256 _____ C:\Documents and Settings\HP_Administrator\My Documents\DNS1200_ENGLISH.pdf
2016-04-29 16:42 - 2016-04-29 17:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeIn Rescue Applet
2016-04-21 13:24 - 2016-04-21 13:24 - 00000073 _____ C:\Documents and Settings\HP_Administrator\My Documents\erotic city link.txt
2016-04-13 17:59 - 2016-04-13 17:59 - 00002949 _____ C:\Documents and Settings\HP_Administrator\My Documents\Alkalizing foods.txt
2016-04-11 18:50 - 2016-04-13 00:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 10:59 - 2005-03-25 02:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2016-05-06 10:51 - 2014-01-15 12:27 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-05-06 10:51 - 2014-01-15 12:27 - 00001824 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-05-06 10:51 - 2009-06-30 10:53 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-06 10:02 - 2013-01-10 21:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-06 09:58 - 2014-10-28 15:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2016-05-06 09:10 - 2004-11-04 17:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-06 08:54 - 2016-02-02 09:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job
2016-05-06 08:54 - 2015-12-06 22:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job
2016-05-06 08:53 - 2009-03-19 14:35 - 00000444 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FE3CB99-92E6-4DAE-A627-DA855E22B17F}.job
2016-05-06 08:49 - 2005-03-24 23:42 - 00000189 _____ C:\WINDOWS\system\hpsysdrv.DAT
2016-05-06 08:48 - 2004-11-05 01:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-06 08:48 - 2004-11-05 00:25 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-04 14:22 - 2013-10-29 03:39 - 01031214 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2502786744-1622484038-505356971-1008-0.dat
2016-05-04 14:22 - 2013-10-28 21:53 - 00235022 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-05-04 14:22 - 2005-03-25 02:12 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2016-05-04 14:22 - 2004-11-05 01:56 - 00031962 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-04 13:55 - 2015-05-17 22:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job
2016-05-04 13:55 - 2014-11-12 18:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job
2016-05-04 12:54 - 2015-07-15 13:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job
2016-05-04 12:27 - 2004-11-05 00:28 - 00000279 ___SH C:\boot.ini
2016-05-04 12:27 - 2004-11-05 00:25 - 00000678 _____ C:\WINDOWS\win.ini
2016-05-04 12:27 - 2004-11-05 00:25 - 00000300 _____ C:\WINDOWS\system.ini
2016-05-04 00:46 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
2016-05-03 22:54 - 2015-02-07 14:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job
2016-05-03 21:55 - 2015-09-14 20:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job
2016-05-03 20:55 - 2015-08-30 12:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job
2016-05-03 18:55 - 2009-06-30 10:53 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-03 17:56 - 2014-10-17 18:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job
2016-05-03 15:23 - 2014-08-29 14:46 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-05-03 15:22 - 2007-01-23 15:09 - 02928318 _____ C:\WINDOWS\ntbtlog.txt
2016-05-03 14:31 - 2007-06-10 11:10 - 00000000 ____D C:\Program Files\Hijackthis
2016-05-03 03:43 - 2015-08-09 07:35 - 00000000 ____D C:\Program Files\lg_fwupdate
2016-05-03 03:43 - 2012-07-12 01:43 - 00000338 _____ C:\WINDOWS\lgfwup.ini
2016-05-03 03:03 - 2005-05-12 13:40 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-03 02:13 - 2006-05-10 18:38 - 01292078 ___SH C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db
2016-05-03 02:04 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents
2016-05-03 01:32 - 2014-10-13 19:47 - 00002443 _____ C:\Documents and Settings\HP_Administrator\Desktop\DDJ Music Manager.lnk
2016-04-30 19:54 - 2005-03-25 02:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator
2016-04-30 19:44 - 2015-06-12 10:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-30 18:33 - 2005-04-05 00:58 - 00081920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2016-04-30 18:25 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\My Music
2016-04-30 17:52 - 2013-09-17 21:06 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-30 17:52 - 2013-09-14 15:59 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-30 15:11 - 2006-11-28 17:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-04-30 13:02 - 2007-05-20 16:00 - 00000000 ____D C:\Documents and Settings\Guest
2016-04-30 13:02 - 2004-11-05 01:57 - 00000000 ____D C:\Documents and Settings\Administrator
2016-04-30 13:02 - 2004-11-05 01:56 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-04-30 13:02 - 2004-11-05 01:56 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-04-30 13:01 - 2004-11-05 01:44 - 00000000 ____D C:\WINDOWS\Registration
2016-04-30 12:47 - 2004-11-05 01:57 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2016-04-30 12:45 - 2010-10-18 10:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-04-29 17:41 - 2013-08-11 10:59 - 00000330 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-29 16:42 - 2009-03-29 06:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Deployment
2016-04-28 17:57 - 2016-01-06 22:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Spotify
2016-04-28 17:56 - 2016-01-06 22:37 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Spotify
2016-04-28 04:44 - 2012-08-05 23:55 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-26 17:32 - 2013-01-14 08:19 - 00000348 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-13 07:06 - 2013-04-02 20:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-12 18:48 - 2013-07-31 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 18:33 - 2005-05-12 03:00 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-10 20:44 - 2012-04-06 10:59 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-10 20:43 - 2011-05-13 08:18 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-08 15:00 - 2014-03-11 17:51 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-04-07 20:42 - 2005-03-25 23:48 - 00000196 _____ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

==================== Files in the root of some directories =======

2005-04-16 00:53 - 2005-04-16 00:53 - 0000251 ____C () C:\Program Files\wt3d.ini
2014-09-25 00:54 - 2015-12-15 21:14 - 0000395 _____ () C:\Documents and Settings\HP_Administrator\Application Data\FotoSketcher.ini
2005-03-25 23:48 - 2016-04-07 20:42 - 0000196 _____ () C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2006-04-11 06:45 - 2007-01-25 15:38 - 0025074 ____C () C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2005-03-25 13:42 - 2008-05-18 22:39 - 0007156 ____C () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2005-03-25 03:21 - 2015-10-14 10:58 - 0168960 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-03-25 02:12 - 2005-03-25 02:45 - 0000139 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2011-11-02 13:27 - 2011-11-02 13:27 - 0017408 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\WebpageIcons.db
2004-11-05 04:15 - 2009-10-06 11:46 - 0015140 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-08-03 01:11 - 2007-12-29 15:17 - 0002917 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Files to move or delete:
====================
C:\Documents and Settings\HP_Administrator\fix.reg
C:\Documents and Settings\HP_Administrator\g2ax_customer_downloadhelper_win32_x86.exe
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job


Some files in TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp20rr8d.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DUNZIP32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{4BF13721-0387-4DC4-8711-6F0163C5B4DD}.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\rnupdate0.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RT150809.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-05-2016 02
Ran by HP_Administrator (2016-05-06 11:00:57)
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-03-25 09:11:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2502786744-1622484038-505356971-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2502786744-1622484038-505356971-1009 - Limited - Enabled)
Guest (S-1-5-21-2502786744-1622484038-505356971-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2502786744-1622484038-505356971-1007 - Limited - Disabled)
HP_Administrator (S-1-5-21-2502786744-1622484038-505356971-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
IUSR_NAKAMI (S-1-5-21-2502786744-1622484038-505356971-1011 - Limited - Enabled)
IWAM_NAKAMI (S-1-5-21-2502786744-1622484038-505356971-1012 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-2502786744-1622484038-505356971-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2502786744-1622484038-505356971-1006 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Abacast Client (HKLM\...\Abacast Client) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage 2 (HKLM\...\{12766F00-807F-4978-8D24-FDD0A3D60EE4}) (Version: 2.6.0 - Ambient Design)
ArtRage 2.2 (HKLM\...\ArtRage_is1) (Version:  - Ambient Design Ltd)
ArtRage Studio (HKLM\...\{DAE9A7CF-8619-482A-82CA-6D7F5D400239}) (Version: 3.5.5 - Ambient Design)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5125 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CheckIt  Diagnostics (HKLM\...\CheckIt  Diagnostics) (Version: 7.1 - Smith Micro Software, Inc.)
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Dassault Systemes Software Prerequisites x86 (HKLM\...\{42C4AFF5-EFAA-433B-9DED-076FF8B0B833}) (Version: 8.1.2 - Dassault Systemes)
DDJMMAN (HKLM\...\{4DC44CCC-3248-44D7-A655-E13FEE6F5FB9}) (Version: 1.2.3 - DENON_DJ)
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.10 - BVRP Software)
Filter Forge 1.021 (HKLM\...\Filter Forge_is1) (Version:  - Filter Forge, Inc.)
FotoSketcher 3.20 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Free Video To Audio Converter 2014 4.6.1 (HKLM\...\Free Video To Audio Converter 2014_is1) (Version:  - FAEMedia Co., Ltd.)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
getPlus®_ocx (HKLM\...\getPlus®_ocx) (Version:  - )
G-Force (HKLM\...\G-Force) (Version: 3.5.6 - SoundSpectrum)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20100830 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Hijackthis 1.99.1 (HKLM\...\Hijackthis_is1) (Version:  - Soeperman Enterprises Ltd)
HP Connections XP (HKLM\...\{DCA27D8C-8144-4CF3-9A38-920548C06ED5}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.01.001 - Hewlett-Packard Company)
HP Image Zone Plus 4.2.3 (HKLM\...\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}) (Version: 4.2.3 - HP)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Software Update (HKLM\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HP Solution Center and Imaging Support Tools 6.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 6.0 - HP)
HP Tunes (HKLM\...\{D54193B7-D2DF-4977-B546-86CA48DB214E}) (Version: 2.1.0.5 - Hewlett-Packard Company)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HPHDiscovery (Version: 1.0.0.0 - Hewlett-Packard) Hidden
HPIZ423 (Version: 42.2.3 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 60.0.155.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.382 - InterVideo Inc.)
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
iTunes (HKLM\...\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}) (Version: 10.3.1.55 - Apple Inc.)
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LG CyberLink LabelPrint (Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (Version: 8.0.2808 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG CyberLink YouCam (Version: 2.0.3718 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe  1.4.62.1 (Version: 1.4.62.1 - hxxp://www.lightscribe.com) Hidden
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
MyFonts Order M3653804 (HKLM\...\{D5091BF6-A839-E388-A6F0-09F79D5CE6E7}) (Version: 1.0 - MyFonts.com, Inc.)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
nik Color Efex Pro 2.0 IE (HKLM\...\nik Color Efex Pro 2.0 IE) (Version:  - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PanoStandAlone (Version: 60.0.155.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
SolutionCenter (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 1.5.0 - Sonic Solutions)
Sonic CinePlayer (HKLM\...\{26792CA7-D87A-4DBE-896B-C2F66B344511}) (Version: 2.0.0 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 1.5.0 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 1.5.0 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic MyDVD Studio Deluxe (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Status (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Steinberg Cubase VST (HKLM\...\Steinberg Cubase VST) (Version:  - )
Steinberg Halion (HKLM\...\Steinberg Halion) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tablet (HKLM\...\Tablet Driver) (Version:  - Wacom Technology Corp.)
The Font Thing (HKLM\...\The Font Thing) (Version:  - )
Tomb Raider III (HKLM\...\Tomb Raider III) (Version:  - )
TrayApp (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Universal Media Player (HKLM\...\Universal Media Player) (Version:  - )
Unload (Version: 6.1.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
USBFast (HKLM\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.23 - Prolific Technology Inc.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Yahoo! SiteBuilder (HKLM\...\Yahoo! SiteBuilder) (Version: 2.2.0 - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{0C378864-D5C4-4D9C-854C-432E3BEC9CCB}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{152F97BA-E8EA-4FDC-B9BB-32589B6AD4F0}\localserver32 -> F:\__CDS.exe => No File
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{17E67D4A-23A1-40D8-A049-EE34C0AF756A}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{294E9835-D0F1-4815-8C52-3C08FBB1403E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{36385AE6-F389-41E3-97DF-7412F61418F8}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{42C68651-1700-4750-A81F-A1F5110E0F66}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{4774922A-8983-4ECC-94FD-7235F06F53A1}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{59B15028-399E-4B6D-A5F3-A8D7BFE17E1B}\InprocServer32 -> C:\Program Files\Hp\Common\HPeSupport.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{5A494E87-262C-4340-A539-2FAC0A85D935}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{5E6F22B3-7DF6-4C64-8AD0-1A6CC1351085}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{60178279-6D62-43AF-A336-77925651A4C6}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{63B3EC14-9F70-4129-B935-46EFB37013E8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeSupport.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{6470DE80-1635-4B5D-93A3-3701CE148A79}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{684E4896-6EFC-4A3D-B967-6105894A6796}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{6D84BC07-7979-4E59-9589-17E1E5A8FF55}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{784F2933-6BDD-4E5F-B1BA-A8D99B603649}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{7CB9D4F5-C492-42A4-93B1-3F7D6946470D}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{7DB9052D-4CDD-45F7-9EDF-8FE44F19678B}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{910E7ADE-7F75-402D-A4A6-BB1A82362FCA}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{93441C07-E57E-4086-B912-F323D741A9D8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{9986CC36-7FA8-4E9A-ADE1-E197FCC5484B}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{A95845D8-8463-4605-B5FB-4F8CFBAC5C47}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{AB049B11-607B-46C8-BBF7-F4D6AF301046}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{AB237044-8A3B-42BB-9EE1-9BFA6721D9ED}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B00FBC78-73CB-4216-8D01-96770CC020C3}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HpuFunction.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B5201019-B9A8-411C-A7AC-CEA856A63C00}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B9C13CD0-5A97-4C6B-8A50-7638020E2462}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BC2971B9-2A4F-44C8-8D7F-04E027544828}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BC31D83D-B1F3-4B73-A8BF-6FE416AA8F85}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HpuFunction.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BE65189A-4770-47A0-9B7B-68827DB1C317}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BF931895-AF82-467A-8819-917C6EE2D1F3}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{C70D0641-DDE1-4FD7-A4D4-DA187B80741D}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{C94188F6-0F9F-46B3-8B78-D71907BD8B77}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{CDAF9CEC-F3EC-4B22-ABA3-9726713560F8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{CF6866F9-B67C-4B24-9957-F91E91E788DC}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DC4F9DA0-DB05-4BB0-8FB2-03A80FE98772}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DE233AFF-8BD5-457E-B7F0-702DBEA5A828}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DF1F1C17-6A29-45FB-A3C6-9825908E062E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{E12DA4F2-BDFB-4EAD-B12F-2725251FA6B0}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{EA084E0F-B62E-406E-B672-CE909626918B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\HPBasicDetection3.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FA9C5110-071C-4964-9DD0-610806FF0F81}\InprocServer32 -> C:\Program Files\HP\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FE3CB99-92E6-4DAE-A627-DA855E22B17F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job => E:\.

I right-clicked on properties for both the CD-ROM and the DVD-RW drives to make sure the settings are correct for opening the drive when a disc is inserted. I have the autoplay set to prompt me each time to choose an action, but the CD drive never opens when the disc is inserted. I have changed both settings to "Select an action to perform", and that is set to play through my Windows Media Player, but nothing happens. I have to open the disc up by clicking on the drive and opening it up manually. The strange thing is, I can copy the files by using my RecordNow software by Roxio. I would prefer the disc to open up when I insert it into the drive. I am wondering if there is any infection in my computer that may be switching my settings and/or functions, causing my machine to act this way.

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\Update SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\update.bat ()

ShortcutWithArgument: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\Yahoo! SiteBuilder2.6-J.lnk -> C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://sitebuilder.yahoo.com/sitebuilder/webstart/sitebuilder.jnlp "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57\26ab71b9-5c632978"
ShortcutWithArgument: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Yahoo! Mail.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi10
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Adobe Store.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/adobespring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Keep Media.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/keepspring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\NetSmartz.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/smartzspring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Online File Sharing.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/filesharespring05"

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\WINDOWS\system32\PSIService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2004-11-26 01:58 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\zip.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\zip.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 [104]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7881 more sites.

IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-19\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com

There are 4172 more sites.

IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz
IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info
IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-20\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com
IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com

There are 4172 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-11-05 00:24 - 2014-01-29 22:10 - 00449956 ____N C:\WINDOWS\system32\Drivers\etc\hosts


There are 15461 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Driver Mender => C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e => C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
MSCONFIG\startupreg: HPHmon06 => C:\WINDOWS\system32\hphmon06.exe
MSCONFIG\startupreg: HPHUPD06 => "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
MSCONFIG\startupreg: IPInSightMonitor 01 => "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LGODDFU => "C:\Program Files\lg_fwupdate\lgfw.exe" blrun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Search Protection => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Uploader => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
MSCONFIG\startupreg: Yahoo! Pager => C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
MSCONFIG\startupreg: YBrowser => C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\livecall.exe] => Enabled:Windows Live Messenger (Phone)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\interMute\SpySubtract\SpySub.exe] => Enabled:SpySubtract
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:HP Software Update Client
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Enabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe] => Disabled:Adobe Photoshop Elements Media Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe] => Enabled:Veoh Web Player
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\yserver.exe] => Disabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPAGER.EXE] => Disabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe] => Enabled:Kaspersky Anti-Virus
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [8888:TCP] => Enabled:BiuHTTP

==================== Restore Points =========================

04-02-2016 23:29:56 System Checkpoint
06-02-2016 09:39:28 System Checkpoint
08-02-2016 11:37:41 System Checkpoint
09-02-2016 15:48:43 System Checkpoint
09-02-2016 18:26:04 Software Distribution Service 3.0
11-02-2016 16:32:25 System Checkpoint
12-02-2016 16:48:46 System Checkpoint
13-02-2016 17:32:25 System Checkpoint
14-02-2016 18:40:30 System Checkpoint
15-02-2016 23:38:45 System Checkpoint
17-02-2016 08:46:36 System Checkpoint
18-02-2016 18:16:22 System Checkpoint
20-02-2016 11:02:27 System Checkpoint
22-02-2016 11:12:20 System Checkpoint
23-02-2016 12:31:21 System Checkpoint
25-02-2016 02:56:00 System Checkpoint
26-02-2016 20:07:45 System Checkpoint
28-02-2016 10:11:57 System Checkpoint
29-02-2016 22:47:44 System Checkpoint
01-03-2016 19:14:16 First Restore Point
03-03-2016 11:14:47 System Checkpoint
05-03-2016 12:09:03 System Checkpoint
06-03-2016 23:50:31 System Checkpoint
08-03-2016 10:49:31 System Checkpoint
09-03-2016 09:00:17 Software Distribution Service 3.0
10-03-2016 14:20:36 System Checkpoint
12-03-2016 08:46:34 System Checkpoint
14-03-2016 12:33:52 System Checkpoint
15-03-2016 16:19:26 System Checkpoint
17-03-2016 23:03:24 System Checkpoint
19-03-2016 17:18:44 System Checkpoint
21-03-2016 00:03:18 System Checkpoint
22-03-2016 09:45:50 System Checkpoint
24-03-2016 00:03:18 System Checkpoint
25-03-2016 16:18:50 System Checkpoint
29-03-2016 10:12:48 System Checkpoint
30-03-2016 18:44:28 System Checkpoint
01-04-2016 11:14:36 System Checkpoint
02-04-2016 14:40:27 System Checkpoint
03-04-2016 20:59:43 System Checkpoint
05-04-2016 05:56:54 System Checkpoint
06-04-2016 21:44:40 System Checkpoint
08-04-2016 01:24:46 System Checkpoint
10-04-2016 23:01:54 System Checkpoint
12-04-2016 04:40:13 System Checkpoint
12-04-2016 18:32:56 Software Distribution Service 3.0
14-04-2016 18:29:06 System Checkpoint
15-04-2016 21:08:25 System Checkpoint
18-04-2016 06:00:39 System Checkpoint
19-04-2016 11:25:42 System Checkpoint
20-04-2016 16:55:22 System Checkpoint
22-04-2016 16:13:59 System Checkpoint
24-04-2016 07:09:13 System Checkpoint
25-04-2016 18:55:46 System Checkpoint
27-04-2016 00:48:47 System Checkpoint
28-04-2016 13:06:44 System Checkpoint
29-04-2016 18:57:28 System Checkpoint
30-04-2016 13:00:55 Restore Operation
01-05-2016 23:09:48 System Checkpoint
03-05-2016 01:23:52 System Checkpoint
04-05-2016 12:16:35 System Checkpoint
06-05-2016 09:10:05 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 02:53:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (05/03/2016 03:08:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (05/03/2016 03:08:05 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (04/27/2016 12:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 45.0.2.5941, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/26/2016 05:19:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.2.5941, faulting module mozglue.dll, version 45.0.2.5941, fault address 0x0000ec22.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/21/2016 05:06:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application realconverter.exe, version 16.0.3.51, faulting module unknown, version 0.0.0.0, fault address 0x485c7367.
Processing media-specific event for [realconverter.exe!ws!]

Error: (04/18/2016 06:39:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 45.0.2.5941, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2016 01:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/25/2016 04:54:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/10/2016 04:09:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 44.0.2.5884, faulting module mozglue.dll, version 44.0.2.5884, fault address 0x0000ed3b.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (05/06/2016 09:58:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/06/2016 09:58:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/06/2016 08:50:41 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/04/2016 12:27:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/04/2016 12:43:59 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (05/04/2016 12:43:51 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (05/04/2016 12:43:44 AM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007001f.

Error: (05/03/2016 10:46:28 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/03/2016 03:30:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/03/2016 03:25:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 2047.29 MB
Available physical RAM: 948.31 MB
Total Virtual: 3388.63 MB
Available Virtual: 2323.48 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:226.12 GB) (Free:59.79 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.74 GB) (Free:0.67 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 5FE34B69)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=0B)
Partition 2: (Active) - (Size=226.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts

Posted 06 May 2016 - 06:13 PM

Hello Goldwood and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 
Please Uninstall:
Yahoo! Search Protection
Yahoo! SiteBuilder
Yahoo! Software Update

Then restart the PC now.

=========================================================================

Step 1:

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Step 2:

 FRST Script:

Close all open files, folders and browsers.

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 3:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan then Clean / Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Goldwood

Goldwood
  • Topic Starter

  • Members
  • 54 posts

Posted 09 May 2016 - 03:09 AM

Zemana scan:

 

Zemana AntiMalware 2.20.179.613 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/8
Operating System       : Windows XP 32-bit
Processor              : 2X  Intel® Pentium® 4 CPU 3.00GHz
BIOS Mode              : Legacy
CUID                   : 0021B1E4E4C8904B36A4E0
Scan Type              : Smart Scan
Duration               : 4m 38s
Scanned Objects        : 11099
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : MSHOME,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 



#4 Goldwood

Goldwood
  • Topic Starter

  • Members
  • 54 posts

Posted 09 May 2016 - 03:18 AM

FRST scan:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2016
Ran by HP_Administrator (administrator) on NAKAMI (08-05-2016 23:40:55)
Running from C:\Documents and Settings\HP_Administrator\Desktop
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\imapi.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\WINDOWS\system32\PSIService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2005-09-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2005-05-10] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-03] (Sonic Solutions)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-09-09] (ATI Technologies, Inc.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2807808 2005-09-21] (RealTek Semicoductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-03-04] (Agere Systems)
HKLM\...\Run: [UpdatePSTShortCut] => "C:\Program Files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Media Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [UpdateLBPShortCut] => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM\...\Run: [UCam_Menu] => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\...\Run: [UpdateP2GoShortCut] => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\7.0"
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-06-24] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-09-10] (ATI Technologies Inc.)
Winlogon\Notify\GoToAssist Express Customer:
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Run: [Spotify Web Helper] => C:\Documents and Settings\HP_Administrator\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-01-06] (Spotify Ltd)
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\space.scr [7093760 2004-08-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe [2003-09-30] (Hewlett-Packard)
BootExecute: autocheck autochk * SsiEfr.e

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{851C140C-E6EC-4521-B00A-3B6B83A56BF6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {B69C22F5-7773-4177-89FF-61BFB58E2445} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {F39FCA2F-421E-42AE-B7EE-5F038CE7DD7B} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll => No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> __BHODemonDisabled => No File
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll => No File
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-27] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: SidebarAutoLaunch Class -> {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -> C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03] (Yahoo! Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn17\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21] (Hewlett-Packard Company)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll No File
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-27] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21] (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {49232000-16E4-426C-A231-62846947304B} hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://by135w.bay135.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} hxxp://download.abacast.com/download/files/abasetup163.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} hxxp://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [No File]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~1\MEADCO~1\npmeadax.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=2.5 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=3.0 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2014-06-24] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-05] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2014-06-24] (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll [2007-09-18] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @tools.google.com/Google Update;version=2 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\user.js [2015-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-09-25] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-06-24] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-09-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-06-24] (RealPlayer)
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-26] [not signed]
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-24] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-03-01]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-05-06]
FF Extension: Media Converter and Muxer - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2016-04-10]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-09-13] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2016-05-06] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-05-06] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-09-11] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-06-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Beatlab) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2015-04-21]
CHR Extension: (Kaspersky Protection) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-10-30]
CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-09-16]
CHR Extension: (Until AM for Chrome) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2014-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
S2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-27] (Kaspersky Lab ZAO)
S2 gupdate1c9c9d71833ca6e; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2005-12-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2006-03-02] (HP) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
S4 TabletService; C:\WINDOWS\system32\Tablet.exe [942080 2006-08-30] (Wacom Technology, Corp.) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation)
S4 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) [File not signed]
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.) [File not signed]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BCMNTIO; C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS [3744 2004-03-05] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cinemsup; C:\WINDOWS\system32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2004-07-14] (Sonic Solutions) [File not signed]
R3 hcwPP2; C:\WINDOWS\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
R3 IrBus; C:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-16] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [57712 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [66976 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [150408 2015-11-27] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [44216 2015-11-27] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [766360 2016-03-01] (AO Kaspersky Lab)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [36024 2015-06-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [37040 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [39304 2015-11-27] (AO Kaspersky Lab)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [73912 2015-06-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R2 MAPMEM; C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS [3904 2004-03-05] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-08] (Malwarebytes)
R2 MDC8021X; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Nsynas32; C:\WINDOWS\system32\Drivers\Nsynas32.sys [17784 2000-06-16] (Syncrosoft Hard- und Software GmbH) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
S3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [18048 2009-06-26] (Prolific Technology Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation       )
R1 sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [55168 2006-01-03] (Macrovision Europe Ltd) [File not signed]
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [229888 2004-09-29] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [12928 2004-09-24] (Silicon Integrated Systems Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25723 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86138 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14715 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-08-03] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-08-03] (Sonic Solutions) [File not signed]
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2009-05-06] (EnTech Taiwan) [File not signed]
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [179960 2016-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [179960 2016-05-07] (Zemana Ltd.)
S3 110df677-84f6-4876-9ba3-3ff35ca08517; \??\F:\Player\cds300.dll [X]
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 PLTurbh; system32\drivers\plturbh.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-08 23:40 - 2016-05-08 23:41 - 00036889 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2016-05-08 23:39 - 2016-05-08 23:39 - 00023406 _____ C:\Documents and Settings\HP_Administrator\Desktop\Fixlog.txt
2016-05-08 23:39 - 2016-05-08 23:39 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion
2016-05-08 23:36 - 2016-05-08 23:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\Frst results
2016-05-08 21:29 - 2016-05-08 21:29 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
2016-05-07 16:06 - 2016-05-07 16:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Zemana AntiMalware
2016-05-07 16:05 - 2016-05-08 23:41 - 00031260 _____ C:\WINDOWS\ZAM.krnl.trace
2016-05-07 16:05 - 2016-05-08 23:20 - 00179960 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2016-05-07 16:05 - 2016-05-08 21:28 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-07 16:05 - 2016-05-07 16:06 - 00001616 _____ C:\Documents and Settings\All Users\Desktop\Zemana AntiMalware.lnk
2016-05-07 16:05 - 2016-05-07 16:06 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2016-05-07 16:05 - 2016-05-07 16:05 - 00179960 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2016-05-07 16:05 - 2016-05-07 16:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zemana
2016-05-07 16:05 - 2016-05-07 16:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Zemana
2016-05-07 15:37 - 2016-05-07 15:37 - 00004231 _____ C:\Documents and Settings\HP_Administrator\My Documents\Bleeping computer help 3.txt
2016-05-07 15:36 - 2016-05-07 15:36 - 00004231 _____ C:\Documents and Settings\HP_Administrator\Desktop\Bleeping computer help.txt
2016-05-07 15:32 - 2016-05-07 15:33 - 01610816 _____ (Malwarebytes) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe
2016-05-07 15:32 - 2016-05-07 15:32 - 03615296 _____ C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner_5.115.exe
2016-05-07 15:31 - 2016-05-07 15:31 - 00017289 _____ C:\Documents and Settings\HP_Administrator\Desktop\Fixlist.txt
2016-05-07 15:28 - 2016-05-07 15:28 - 05543656 _____ ( ) C:\Documents and Settings\HP_Administrator\Desktop\Zemana.AntiMalware.Setup.exe
2016-05-06 14:05 - 2016-05-08 21:56 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-06 14:05 - 2016-05-06 14:07 - 00000788 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-06 14:05 - 2016-05-06 14:07 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-06 14:05 - 2016-05-06 14:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-06 14:05 - 2016-05-06 14:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-05-06 14:05 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-06 14:05 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-06 12:57 - 2016-05-06 12:57 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-2.2.0.1024.exe
2016-05-06 11:14 - 2016-05-06 15:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-06 10:58 - 2016-05-08 23:40 - 00000000 ____D C:\FRST
2016-05-06 10:54 - 2016-05-08 23:39 - 01730048 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2016-05-03 03:03 - 2016-05-03 03:03 - 00122880 _____ C:\WINDOWS\Minidump\Mini050316-01.dmp
2016-05-03 02:04 - 2008-02-29 00:57 - 13171256 _____ C:\Documents and Settings\HP_Administrator\My Documents\DNS1200_ENGLISH.pdf
2016-04-29 16:42 - 2016-04-29 17:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeIn Rescue Applet
2016-04-21 13:24 - 2016-04-21 13:24 - 00000073 _____ C:\Documents and Settings\HP_Administrator\My Documents\erotic city link.txt
2016-04-13 17:59 - 2016-04-13 17:59 - 00002949 _____ C:\Documents and Settings\HP_Administrator\My Documents\Alkalizing foods.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-08 23:41 - 2005-03-25 02:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Temp
2016-05-08 23:39 - 2006-03-18 22:22 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!
2016-05-08 23:39 - 2004-11-04 17:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-08 23:36 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents
2016-05-08 23:24 - 2005-03-25 02:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator
2016-05-08 23:02 - 2013-01-10 21:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-08 21:34 - 2014-10-28 15:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2016-05-08 21:32 - 2009-03-19 14:35 - 00000444 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FE3CB99-92E6-4DAE-A627-DA855E22B17F}.job
2016-05-08 21:32 - 2005-03-24 23:42 - 00000189 _____ C:\WINDOWS\system\hpsysdrv.DAT
2016-05-08 21:32 - 2004-11-05 00:25 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-08 21:28 - 2004-11-05 01:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-07 18:26 - 2013-10-29 03:39 - 01031214 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2502786744-1622484038-505356971-1008-0.dat
2016-05-07 18:26 - 2013-10-28 21:53 - 00235022 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-05-07 18:26 - 2005-03-25 02:12 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2016-05-07 18:26 - 2004-11-05 01:56 - 00032538 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-07 17:51 - 2013-09-17 21:06 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-05-07 17:51 - 2013-09-14 15:59 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-05-07 17:44 - 2015-06-12 10:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-07 17:12 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\My Music
2016-05-07 15:26 - 2005-03-31 12:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2016-05-07 15:26 - 2005-03-31 02:41 - 00000000 ____D C:\Program Files\Yahoo!
2016-05-07 15:25 - 2006-05-11 15:25 - 00000000 __RHD C:\Documents and Settings\All Users\Application Data\yahoo!
2016-05-07 15:25 - 2006-03-18 22:22 - 00000000 ____D C:\Program Files\Yahoo SiteBuilder
2016-05-07 15:11 - 2006-11-28 17:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-05-07 11:08 - 2005-04-05 00:58 - 00081920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2016-05-06 17:41 - 2013-08-11 10:59 - 00000330 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-05-06 17:32 - 2013-01-14 08:19 - 00000348 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-05-06 16:06 - 2013-04-02 20:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-06 16:05 - 2010-10-13 17:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2016-05-06 15:13 - 2015-06-19 13:40 - 00005632 ___SH C:\Documents and Settings\HP_Administrator\Thumbs.db
2016-05-06 15:13 - 2006-05-10 18:38 - 01292078 ___SH C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db
2016-05-06 10:51 - 2014-01-15 12:27 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-05-06 10:51 - 2014-01-15 12:27 - 00001824 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-05-04 12:27 - 2004-11-05 00:28 - 00000279 ___SH C:\boot.ini
2016-05-04 12:27 - 2004-11-05 00:25 - 00000678 _____ C:\WINDOWS\win.ini
2016-05-04 12:27 - 2004-11-05 00:25 - 00000300 _____ C:\WINDOWS\system.ini
2016-05-04 00:46 - 2005-03-25 02:12 - 00000000 ___RD C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
2016-05-03 15:23 - 2014-08-29 14:46 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-05-03 15:22 - 2007-01-23 15:09 - 02928318 _____ C:\WINDOWS\ntbtlog.txt
2016-05-03 14:31 - 2007-06-10 11:10 - 00000000 ____D C:\Program Files\Hijackthis
2016-05-03 03:43 - 2015-08-09 07:35 - 00000000 ____D C:\Program Files\lg_fwupdate
2016-05-03 03:43 - 2012-07-12 01:43 - 00000338 _____ C:\WINDOWS\lgfwup.ini
2016-05-03 03:03 - 2005-05-12 13:40 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-03 01:32 - 2014-10-13 19:47 - 00002443 _____ C:\Documents and Settings\HP_Administrator\Desktop\DDJ Music Manager.lnk
2016-04-30 13:02 - 2007-05-20 16:00 - 00000000 ____D C:\Documents and Settings\Guest
2016-04-30 13:02 - 2004-11-05 01:57 - 00000000 ____D C:\Documents and Settings\Administrator
2016-04-30 13:02 - 2004-11-05 01:56 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-04-30 13:02 - 2004-11-05 01:56 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-04-30 13:01 - 2004-11-05 01:44 - 00000000 ____D C:\WINDOWS\Registration
2016-04-30 12:47 - 2004-11-05 01:57 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2016-04-30 12:45 - 2010-10-18 10:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-04-29 16:42 - 2009-03-29 06:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Deployment
2016-04-28 17:57 - 2016-01-06 22:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Spotify
2016-04-28 17:56 - 2016-01-06 22:37 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Spotify
2016-04-28 04:44 - 2012-08-05 23:55 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-12 18:48 - 2013-07-31 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 18:33 - 2005-05-12 03:00 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-10 20:44 - 2012-04-06 10:59 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-10 20:43 - 2011-05-13 08:18 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2005-04-16 00:53 - 2005-04-16 00:53 - 0000251 ____C () C:\Program Files\wt3d.ini
2014-09-25 00:54 - 2015-12-15 21:14 - 0000395 _____ () C:\Documents and Settings\HP_Administrator\Application Data\FotoSketcher.ini
2005-03-25 23:48 - 2016-04-07 20:42 - 0000196 _____ () C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2006-04-11 06:45 - 2007-01-25 15:38 - 0025074 ____C () C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2005-03-25 13:42 - 2008-05-18 22:39 - 0007156 ____C () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2005-03-25 03:21 - 2015-10-14 10:58 - 0168960 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-03-25 02:12 - 2005-03-25 02:45 - 0000139 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2011-11-02 13:27 - 2011-11-02 13:27 - 0017408 ____C () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\WebpageIcons.db
2004-11-05 04:15 - 2009-10-06 11:46 - 0015140 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-08-03 01:11 - 2007-12-29 15:17 - 0002917 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Files to move or delete:
====================
C:\Documents and Settings\HP_Administrator\fix.reg
C:\Documents and Settings\HP_Administrator\g2ax_customer_downloadhelper_win32_x86.exe


Some files in TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp20rr8d.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DUNZIP32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{4BF13721-0387-4DC4-8711-6F0163C5B4DD}.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\rnupdate0.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RT150809.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#5 Goldwood

Posted 09 May 2016 - 03:20 AM

FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2016
Ran by HP_Administrator (2016-05-08 23:42:21)
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2005-03-25 09:11:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2502786744-1622484038-505356971-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2502786744-1622484038-505356971-1009 - Limited - Enabled)
Guest (S-1-5-21-2502786744-1622484038-505356971-501 - Limited - Disabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2502786744-1622484038-505356971-1007 - Limited - Disabled)
HP_Administrator (S-1-5-21-2502786744-1622484038-505356971-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\HP_Administrator
IUSR_NAKAMI (S-1-5-21-2502786744-1622484038-505356971-1011 - Limited - Enabled)
IWAM_NAKAMI (S-1-5-21-2502786744-1622484038-505356971-1012 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-2502786744-1622484038-505356971-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2502786744-1622484038-505356971-1006 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1600 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
1600Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Abacast Client (HKLM\...\Abacast Client) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.0.1 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0.1 (HKLM\...\{C9618743-1A5C-461E-91C4-E013A3D70F3C}) (Version: 3.0.1 - Adobe Systems, Inc.)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage 2 (HKLM\...\{12766F00-807F-4978-8D24-FDD0A3D60EE4}) (Version: 2.6.0 - Ambient Design)
ArtRage 2.2 (HKLM\...\ArtRage_is1) (Version:  - Ambient Design Ltd)
ArtRage Studio (HKLM\...\{DAE9A7CF-8619-482A-82CA-6D7F5D400239}) (Version: 3.5.5 - Ambient Design)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5125 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.06-040909a-018560C-HP - )
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CheckIt  Diagnostics (HKLM\...\CheckIt  Diagnostics) (Version: 7.1 - Smith Micro Software, Inc.)
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Dassault Systemes Software Prerequisites x86 (HKLM\...\{42C4AFF5-EFAA-433B-9DED-076FF8B0B833}) (Version: 8.1.2 - Dassault Systemes)
DDJMMAN (HKLM\...\{4DC44CCC-3248-44D7-A655-E13FEE6F5FB9}) (Version: 1.2.3 - DENON_DJ)
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.10 - BVRP Software)
Filter Forge 1.021 (HKLM\...\Filter Forge_is1) (Version:  - Filter Forge, Inc.)
FotoSketcher 3.20 (HKLM\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Free Video To Audio Converter 2014 4.6.1 (HKLM\...\Free Video To Audio Converter 2014_is1) (Version:  - FAEMedia Co., Ltd.)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
getPlus®_ocx (HKLM\...\getPlus®_ocx) (Version:  - )
G-Force (HKLM\...\G-Force) (Version: 3.5.6 - SoundSpectrum)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20100830 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Help and Support Additions (HKLM\...\Help and Support Additions) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Hijackthis 1.99.1 (HKLM\...\Hijackthis_is1) (Version:  - Soeperman Enterprises Ltd)
HP Connections XP (HKLM\...\{DCA27D8C-8144-4CF3-9A38-920548C06ED5}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Extended Capabilities 4.7 (HKLM\...\HPExtendedCapabilities) (Version: 4.7 - HP)
HP Image Zone for Media Center PC (HKLM\...\{8D0C57BC-4942-4960-BB6D-142456D6F233}) (Version: 1.01.001 - Hewlett-Packard Company)
HP Image Zone Plus 4.2.3 (HKLM\...\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}) (Version: 4.2.3 - HP)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Software Update (HKLM\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HP Solution Center and Imaging Support Tools 6.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 6.0 - HP)
HP Tunes (HKLM\...\{D54193B7-D2DF-4977-B546-86CA48DB214E}) (Version: 2.1.0.5 - Hewlett-Packard Company)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HPHDiscovery (Version: 1.0.0.0 - Hewlett-Packard) Hidden
HPIZ423 (Version: 42.2.3 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 60.0.155.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
InterVideo DiscLabel (HKLM\...\{C3F058C0-A21C-452D-8D99-95B1A45F417D}) (Version:  - )
InterVideo WinDVD Creator (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.5.14.382 - InterVideo Inc.)
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
iTunes (HKLM\...\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}) (Version: 10.3.1.55 - Apple Inc.)
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LG CyberLink LabelPrint (Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (Version: 8.0.2808 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
LG CyberLink YouCam (Version: 2.0.3718 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LightScribe  1.4.62.1 (Version: 1.4.62.1 - hxxp://www.lightscribe.com) Hidden
LP_Flash (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3500 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
muvee autoProducer 3.5 magicMoments - HPD (HKLM\...\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}) (Version: 3.50.151 - muvee Technologies)
muvee autoProducer unPlugged - HPD (HKLM\...\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}) (Version: 1.0.000 - muvee Technologies)
MyFonts Order M3653804 (HKLM\...\{D5091BF6-A839-E388-A6F0-09F79D5CE6E7}) (Version: 1.0 - MyFonts.com, Inc.)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
nik Color Efex Pro 2.0 IE (HKLM\...\nik Color Efex Pro 2.0 IE) (Version:  - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PanoStandAlone (Version: 60.0.155.000 - Hewlett-Packard) Hidden
PC-Doctor for Windows (HKLM\...\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}) (Version: 1.06.002 - PC-Doctor, Inc.)
PC-Doctor for Windows (Version: 1.06.002 - PC-Doctor, Inc.) Hidden
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
SolutionCenter (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 1.5.0 - Sonic Solutions)
Sonic CinePlayer (HKLM\...\{26792CA7-D87A-4DBE-896B-C2F66B344511}) (Version: 2.0.0 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 1.5.0 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 1.5.0 - Sonic Solutions)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 1.0.0 - Sonic Solutions)
Sonic MyDVD Studio Deluxe (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.22 - Hewlett-Packard)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2502786744-1622484038-505356971-1008\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
SpySubtract (HKLM\...\SpySubtract) (Version:  - interMute, Inc.)
Status (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Steinberg Cubase VST (HKLM\...\Steinberg Cubase VST) (Version:  - )
Steinberg Halion (HKLM\...\Steinberg Halion) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tablet (HKLM\...\Tablet Driver) (Version:  - Wacom Technology Corp.)
The Font Thing (HKLM\...\The Font Thing) (Version:  - )
Tomb Raider III (HKLM\...\Tomb Raider III) (Version:  - )
TrayApp (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Universal Media Player (HKLM\...\Universal Media Player) (Version:  - )
Unload (Version: 6.1.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
USBFast (HKLM\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.23 - Prolific Technology Inc.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.613 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{0C378864-D5C4-4D9C-854C-432E3BEC9CCB}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{17E67D4A-23A1-40D8-A049-EE34C0AF756A}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{294E9835-D0F1-4815-8C52-3C08FBB1403E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{36385AE6-F389-41E3-97DF-7412F61418F8}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{42C68651-1700-4750-A81F-A1F5110E0F66}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{4774922A-8983-4ECC-94FD-7235F06F53A1}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{59B15028-399E-4B6D-A5F3-A8D7BFE17E1B}\InprocServer32 -> C:\Program Files\Hp\Common\HPeSupport.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{5A494E87-262C-4340-A539-2FAC0A85D935}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{5E6F22B3-7DF6-4C64-8AD0-1A6CC1351085}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{60178279-6D62-43AF-A336-77925651A4C6}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{63B3EC14-9F70-4129-B935-46EFB37013E8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeSupport.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{6470DE80-1635-4B5D-93A3-3701CE148A79}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{684E4896-6EFC-4A3D-B967-6105894A6796}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{6D84BC07-7979-4E59-9589-17E1E5A8FF55}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{784F2933-6BDD-4E5F-B1BA-A8D99B603649}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{7CB9D4F5-C492-42A4-93B1-3F7D6946470D}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{7DB9052D-4CDD-45F7-9EDF-8FE44F19678B}\InprocServer32 -> C:\Program Files\Hp\Common\InternetUtil.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{910E7ADE-7F75-402D-A4A6-BB1A82362FCA}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{93441C07-E57E-4086-B912-F323D741A9D8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{9986CC36-7FA8-4E9A-ADE1-E197FCC5484B}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{A95845D8-8463-4605-B5FB-4F8CFBAC5C47}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{AB049B11-607B-46C8-BBF7-F4D6AF301046}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{AB237044-8A3B-42BB-9EE1-9BFA6721D9ED}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B00FBC78-73CB-4216-8D01-96770CC020C3}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HpuFunction.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B5201019-B9A8-411C-A7AC-CEA856A63C00}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{B9C13CD0-5A97-4C6B-8A50-7638020E2462}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BC2971B9-2A4F-44C8-8D7F-04E027544828}\InprocServer32 -> C:\Program Files\Hp\Common\HPScripting.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BC31D83D-B1F3-4B73-A8BF-6FE416AA8F85}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HpuFunction.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BE65189A-4770-47A0-9B7B-68827DB1C317}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{BF931895-AF82-467A-8819-917C6EE2D1F3}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{C70D0641-DDE1-4FD7-A4D4-DA187B80741D}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{C94188F6-0F9F-46B3-8B78-D71907BD8B77}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{CDAF9CEC-F3EC-4B22-ABA3-9726713560F8}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{CF6866F9-B67C-4B24-9957-F91E91E788DC}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DC4F9DA0-DB05-4BB0-8FB2-03A80FE98772}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DE233AFF-8BD5-457E-B7F0-702DBEA5A828}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{DF1F1C17-6A29-45FB-A3C6-9825908E062E}\InprocServer32 -> C:\Program Files\Hp\Common\RulesEngine.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{E12DA4F2-BDFB-4EAD-B12F-2725251FA6B0}\InprocServer32 -> C:\Program Files\Hp\Common\HPeDiag.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{EA084E0F-B62E-406E-B672-CE909626918B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\HPBasicDetection3.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FA9C5110-071C-4964-9DD0-610806FF0F81}\InprocServer32 -> C:\Program Files\HP\Common\HPDeviceDetection.dll (Hewlett-Packard)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_203_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8FE3CB99-92E6-4DAE-A627-DA855E22B17F}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Adobe Store.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/adobespring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Keep Media.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/keepspring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\NetSmartz.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/smartzspring05"
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals\Online File Sharing.lnk -> C:\hp\VINETLINK\VINETLINK.exe () -> "www.hp.com/go/filesharespring05"

==================== Loaded Modules (Whitelisted) ==============

2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\WINDOWS\system32\PSIService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-05-07 16:05 - 2016-05-07 16:05 - 00101744 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\zip.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7881 more sites.

There are 4172 more sites.

There are 4172 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-11-05 00:24 - 2014-01-29 22:10 - 00449956 ____N C:\WINDOWS\system32\Drivers\etc\hosts

There are 15461 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [%ProgramFiles%\iTunes\iTunes.exe] => enabled:iTunes
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\livecall.exe] => Enabled:Windows Live Messenger (Phone)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\interMute\SpySubtract\SpySub.exe] => Enabled:SpySubtract
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\HPWUCli.exe] => Enabled:HP Software Update Client
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Enabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe] => Disabled:Adobe Photoshop Elements Media Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe] => Enabled:Veoh Web Player
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\NetMeeting\conf.exe] => Disabled:Windows® NetMeeting®
StandardProfile\AuthorizedApplications: [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe] => Enabled:Kaspersky Anti-Virus
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\HP_Administrator\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [8888:TCP] => Enabled:BiuHTTP

==================== Restore Points =========================

08-02-2016 11:37:41 System Checkpoint
09-02-2016 15:48:43 System Checkpoint
09-02-2016 18:26:04 Software Distribution Service 3.0
11-02-2016 16:32:25 System Checkpoint
12-02-2016 16:48:46 System Checkpoint
13-02-2016 17:32:25 System Checkpoint
14-02-2016 18:40:30 System Checkpoint
15-02-2016 23:38:45 System Checkpoint
17-02-2016 08:46:36 System Checkpoint
18-02-2016 18:16:22 System Checkpoint
20-02-2016 11:02:27 System Checkpoint
22-02-2016 11:12:20 System Checkpoint
23-02-2016 12:31:21 System Checkpoint
25-02-2016 02:56:00 System Checkpoint
26-02-2016 20:07:45 System Checkpoint
28-02-2016 10:11:57 System Checkpoint
29-02-2016 22:47:44 System Checkpoint
01-03-2016 19:14:16 First Restore Point
03-03-2016 11:14:47 System Checkpoint
05-03-2016 12:09:03 System Checkpoint
06-03-2016 23:50:31 System Checkpoint
08-03-2016 10:49:31 System Checkpoint
09-03-2016 09:00:17 Software Distribution Service 3.0
10-03-2016 14:20:36 System Checkpoint
12-03-2016 08:46:34 System Checkpoint
14-03-2016 12:33:52 System Checkpoint
15-03-2016 16:19:26 System Checkpoint
17-03-2016 23:03:24 System Checkpoint
19-03-2016 17:18:44 System Checkpoint
21-03-2016 00:03:18 System Checkpoint
22-03-2016 09:45:50 System Checkpoint
24-03-2016 00:03:18 System Checkpoint
25-03-2016 16:18:50 System Checkpoint
29-03-2016 10:12:48 System Checkpoint
30-03-2016 18:44:28 System Checkpoint
01-04-2016 11:14:36 System Checkpoint
02-04-2016 14:40:27 System Checkpoint
03-04-2016 20:59:43 System Checkpoint
05-04-2016 05:56:54 System Checkpoint
06-04-2016 21:44:40 System Checkpoint
08-04-2016 01:24:46 System Checkpoint
10-04-2016 23:01:54 System Checkpoint
12-04-2016 04:40:13 System Checkpoint
12-04-2016 18:32:56 Software Distribution Service 3.0
14-04-2016 18:29:06 System Checkpoint
15-04-2016 21:08:25 System Checkpoint
18-04-2016 06:00:39 System Checkpoint
19-04-2016 11:25:42 System Checkpoint
20-04-2016 16:55:22 System Checkpoint
22-04-2016 16:13:59 System Checkpoint
24-04-2016 07:09:13 System Checkpoint
25-04-2016 18:55:46 System Checkpoint
27-04-2016 00:48:47 System Checkpoint
28-04-2016 13:06:44 System Checkpoint
29-04-2016 18:57:28 System Checkpoint
30-04-2016 13:00:55 Restore Operation
01-05-2016 23:09:48 System Checkpoint
03-05-2016 01:23:52 System Checkpoint
04-05-2016 12:16:35 System Checkpoint
06-05-2016 09:10:05 System Checkpoint
07-05-2016 17:35:45 System Checkpoint
08-05-2016 23:39:32 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2016 11:40:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 7.5.2016.0, faulting module frst.exe, version 7.5.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]

Error: (05/06/2016 02:25:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 2.3.173.0, faulting module version.dll, version 5.1.2600.5512, fault address 0x00001ddc.
Processing media-specific event for [mbam.exe!ws!]

Error: (05/03/2016 02:53:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (05/03/2016 03:08:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (05/03/2016 03:08:05 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (04/27/2016 12:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 45.0.2.5941, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/26/2016 05:19:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.2.5941, faulting module mozglue.dll, version 45.0.2.5941, fault address 0x0000ec22.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/21/2016 05:06:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application realconverter.exe, version 16.0.3.51, faulting module unknown, version 0.0.0.0, fault address 0x485c7367.
Processing media-specific event for [realconverter.exe!ws!]

Error: (04/18/2016 06:39:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 45.0.2.5941, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2016 01:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 45.0.1.5918, faulting module mozglue.dll, version 45.0.1.5918, fault address 0x0000f0ea.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (05/08/2016 09:34:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2016 09:34:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2016 09:34:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the ZAM Controller Service service to connect.

Error: (05/08/2016 09:34:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (05/08/2016 09:34:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (05/08/2016 09:29:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/08/2016 09:29:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the ZAM Controller Service service to connect.

Error: (05/07/2016 05:12:52 PM) (Source: DCOM) (EventID: 10005) (User: NAKAMI)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{7A7FB085-6068-4898-8CCA-480A9187277C}

Error: (05/07/2016 04:02:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/07/2016 04:02:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 44%
Total physical RAM: 2047.29 MB
Available physical RAM: 1133.21 MB
Total Virtual: 3388.63 MB
Available Virtual: 2751.13 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:226.12 GB) (Free:59.04 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.74 GB) (Free:0.67 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 5FE34B69)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=0B)
Partition 2: (Active) - (Size=226.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 Goldwood

Posted 09 May 2016 - 03:24 AM

FRST Fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version:07-05-2016
Ran by HP_Administrator (2016-05-08 23:51:27) Run:2
Running from C:\Documents and Settings\HP_Administrator\Desktop
Loaded Profiles: HP_Administrator (Available Profiles: HP_Administrator & Administrator & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************

start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{152F97BA-E8EA-4FDC-B9BB-32589B6AD4F0}\localserver32 -> F:\__CDS.exe => No File
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job => E:\. I right clicked on properties for both the CD-ROM  and the DVD-RW drives to make sure the settings are correct for opening the drive when a disc is inserted. I have the autoplay set to prompt me each time to chose an action but the CD drive never opens when the disc is inserted. I have changed both settings to Select an action to perform, and that is set to play through my Windows Media player, but nothing happens. I have to open the disc up by clicking on the drive and opening it up manually. The strange thing is, I can copy the files by using my RecordNow software by Roxio. I would prefer the disc to open up when I insert it into the drive. I am wondering if there is any infection in my computer that may be switching my settings and/or functions causing my machine to act this way.
Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\Update SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\update.bat ()
ShortcutWithArgument: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\Yahoo! SiteBuilder2.6-J.lnk -> C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://sitebuilder.yahoo.com/sitebuilder/webstart/sitebuilder.jnlp "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57\26ab71b9-5c632978"
ShortcutWithArgument: C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Yahoo! Mail.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi10
AlternateDataStreams: C:\WINDOWS\zip.exe:SummaryInformation [43]
AlternateDataStreams: C:\WINDOWS\zip.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [115]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 [104]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\fix.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\yserver.exe] => Disabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPAGER.EXE] => Disabled:Yahoo! Messenger
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
URLSearchHook: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110626&user_guid=FD9EA4BBD8914B69A4137887540C8B68&machine_id=ae9c155223e984dbed7b1be58818983b&browser=IE&os=win&os_version=5.1-x86-SP3
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {B69C22F5-7773-4177-89FF-61BFB58E2445} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> {F39FCA2F-421E-42AE-B7EE-5F038CE7DD7B} URL =
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll => No File
BHO: No Name -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> __BHODemonDisabled => No File
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: SidebarAutoLaunch Class -> {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -> C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03] (Yahoo! Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn17\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn22\yt.dll No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-2502786744-1622484038-505356971-1008 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [No File]
FF Plugin: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~1\MEADCO~1\npmeadax.dll [No File]
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.4.1.12\ma\bin\npMotive.dll [No File]
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2502786744-1622484038-505356971-1008: @tools.google.com/Google Update;version=2 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll [No File]
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\searchplugins\bing-zugo.xml [2011-06-25]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-09-13] [not signed]
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-06-09]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
S2 gupdate1c9c9d71833ca6e; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S4 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.) [File not signed]
S4 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]
S3 110df677-84f6-4876-9ba3-3ff35ca08517; \??\F:\Player\cds300.dll [X]
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath
2016-04-21 13:24 - 2016-04-21 13:24 - 00000073 _____ C:\Documents and Settings\HP_Administrator\My Documents\erotic city link.txt
2016-05-04 13:55 - 2015-05-17 22:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job
2016-05-04 13:55 - 2014-11-12 18:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job
2016-05-04 12:54 - 2015-07-15 13:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job
2016-05-06 08:54 - 2016-02-02 09:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job
2016-05-06 08:54 - 2015-12-06 22:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job
2016-05-03 22:54 - 2015-02-07 14:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job
2016-05-03 21:55 - 2015-09-14 20:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job
2016-05-03 20:55 - 2015-08-30 12:49 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job
2016-05-03 18:55 - 2009-06-30 10:53 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-03 17:56 - 2014-10-17 18:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job
2016-05-03 15:23 - 2014-08-29 14:46 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db
2016-04-30 19:44 - 2015-06-12 10:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-30 17:52 - 2013-09-14 15:59 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-30 15:11 - 2006-11-28 17:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-28 04:44 - 2012-08-05 23:55 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
2016-04-26 17:32 - 2013-01-14 08:19 - 00000348 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-04-07 20:42 - 2005-03-25 23:48 - 00000196 _____ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
 2005-03-25 13:42 - 2008-05-18 22:39 - 0007156 ____C () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
C:\Documents and Settings\HP_Administrator\fix.reg
C:\Documents and Settings\HP_Administrator\g2ax_customer_downloadhelper_win32_x86.exe
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp20rr8d.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DUNZIP32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{4BF13721-0387-4DC4-8711-6F0163C5B4DD}.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\rnupdate0.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RT150809.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Uninstall.exe
Emptytemp:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ip reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh winsock reset
Reboot:




*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008_Classes\CLSID\{152F97BA-E8EA-4FDC-B9BB-32589B6AD4F0} => key not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => not found.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job => not found.
Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\ysitebuilder.bat () => Error: No automatic fix found for this entry.
Shortcut: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\SiteBuilder\Update SiteBuilder.lnk -> C:\Program Files\Yahoo SiteBuilder\update.bat () => Error: No automatic fix found for this entry.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Yahoo!\Yahoo! SiteBuilder2.6-J.lnk => Shortcut argument removed successfully..
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Yahoo! Mail.lnk => Shortcut argument removed successfully..
"C:\WINDOWS\zip.exe" => ":SummaryInformation" ADS not found.
"C:\WINDOWS\zip.exe" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":5C321E34" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":D1B5B4F1" ADS not found.
"C:\Documents and Settings\HP_Administrator\fix.reg" => ":SummaryInformation" ADS not found.
"C:\Documents and Settings\HP_Administrator\fix.reg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe" => ":SummaryInformation" ADS not found.
"C:\Documents and Settings\HP_Administrator\Desktop\WacomTablet_496-8.exe" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========


The operation completed successfully


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========


The operation completed successfully


========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========


The operation completed successfully


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========


The operation completed successfully


========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\yserver.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPAGER.EXE => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => value not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value not found.
"HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => key removed successfully.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C9E0EE4-2610-B903-9AF4-523D61CB8099} => key not found.
HKCR\CLSID\{2C9E0EE4-2610-B903-9AF4-523D61CB8099} => key not found.
"HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B69C22F5-7773-4177-89FF-61BFB58E2445}" => key removed successfully.
HKCR\CLSID\{B69C22F5-7773-4177-89FF-61BFB58E2445} => key not found.
"HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => key removed successfully.
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
"HKU\S-1-5-21-2502786744-1622484038-505356971-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F39FCA2F-421E-42AE-B7EE-5F038CE7DD7B}" => key removed successfully.
HKCR\CLSID\{F39FCA2F-421E-42AE-B7EE-5F038CE7DD7B} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}" => key removed successfully.
"HKCR\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" => key removed successfully.
"HKCR\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully.
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}" => key removed successfully.
"HKCR\CLSID\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully.
"HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} => value removed successfully.
"HKCR\CLSID\{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}" => key removed successfully.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value removed successfully.
HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => key not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value removed successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => key not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value removed successfully.
HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => key not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value removed successfully.
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => key not found.
HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => key removed successfully.
"HKCR\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A17E30C4-A9BA-11D4-8673-60DB54C10000}" => key removed successfully.
"HKCR\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}" => key removed successfully.
"HKCR\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D18F962A-3722-4B59-B08D-28BB9EB2281E}" => key removed successfully.
"HKCR\CLSID\{D18F962A-3722-4B59-B08D-28BB9EB2281E}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully.
"HKLM\Software\MozillaPlugins\@meadco.com/neptune plugin,version=2.0.0.29" => key removed successfully.
"HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0" => key removed successfully.
"HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1" => key removed successfully.
"HKLM\Software\MozillaPlugins\Adobe Reader" => key removed successfully.
C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => moved successfully
"HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1" => key removed successfully.
"HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\MozillaPlugins\@tools.google.com/Google Update;version=2" => key removed successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.121.9\npGoogleOneClick.dll => not found.
"C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\searchplugins\bing-zugo.xml" => not found.
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) => moved successfully
HKLM\Software\Mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2} => value removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\itms.js => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\eahebamiopdhefndnmappcihfajigkka" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji" => key removed successfully.
C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx => moved successfully
gupdate1c9c9d71833ca6e => service removed successfully.
JavaQuickStarterService => service removed successfully.
YPCService => service removed successfully.
McComponentHostService => service removed successfully.
110df677-84f6-4876-9ba3-3ff35ca08517 => service removed successfully.
catchme => service removed successfully.
cleanhlp => service removed successfully.
MREMP50 => service removed successfully.
MREMPR5 => service removed successfully.
MRENDIS5 => service removed successfully.
MRESP50 => service removed successfully.
Winsock - Google Desktop Search Backup Before First Install => service removed successfully.
Winsock - Google Desktop Search Backup Before Last Install => service removed successfully.
C:\Documents and Settings\HP_Administrator\My Documents\erotic city link.txt => moved successfully
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0912e766d841a.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffee44fc023e1.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf3fe6c9cf71.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15dd9c1134ab0.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d130b32902c382.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d043201b8e31a4.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef69a6406cc5.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e35da3dd052.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfea75db495c48.job" => not found.
C:\WINDOWS\system32\d3d9caps.dat => moved successfully
C:\Documents and Settings\HP_Administrator\My Documents\Thumbs.db => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => moved successfully
C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => moved successfully
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => moved successfully
C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => moved successfully
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => moved successfully
C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502786744-1622484038-505356971-1008.job => moved successfully
"C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job" => not found.
C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt => moved successfully
C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat => moved successfully
C:\Documents and Settings\HP_Administrator\fix.reg => moved successfully
C:\Documents and Settings\HP_Administrator\g2ax_customer_downloadhelper_win32_x86.exe => moved successfully
"C:\Windows\Tasks\{22116563-108C-42c0-A7CE-6016B75E508}.job" => not found.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp20rr8d.dll => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DseShExt-x86.dll => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\DUNZIP32.dll => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\fp_pl_pfs_installer.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\lowproc.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\oi_{4BF13721-0387-4DC4-8711-6F0163C5B4DD}.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\pcDesktopAlertNotifierX.dll => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\rnupdate0.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\RT150809.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SDShelEx-win32.dll => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SHSetup.exe => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\stubhelper.dll => moved successfully
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Uninstall.exe => moved successfully

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  ipconfig /release =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 0.0.0.0

        Subnet Mask . . . . . . . . . . . : 0.0.0.0

        Default Gateway . . . . . . . . . :


========= End of CMD: =========


=========  ipconfig /renew =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : attlocal.net

        IP Address. . . . . . . . . . . . : 192.168.1.64

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254


========= End of CMD: =========


=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

The following command was not found: advfirewall set allprofiles state ON.

========= End of CMD: =========


=========  netsh int ip reset =========

One or more essential parameters were not entered.
Verify the required parameters, and reenter them.
The syntax supplied for this command is not valid. Check help for the correct syntax.

Usage: reset [name=]<string>
 
Parameters:
 
      Tag            Value
      name         - The name of a file to which to append information
                     regarding what settings were reset.
 
Remarks: Resets TCP/IP and related components to a clean state.
 
Examples:
 
       reset resetlog.txt


========= End of CMD: =========


=========  netsh int ipv4 reset =========

The following command was not found: int ipv4 reset.

========= End of CMD: =========


=========  netsh int ipv6 reset =========

IPv6 is not installed.


========= End of CMD: =========


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 6.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:55:26 ====



#7 Goldwood


Posted 09 May 2016 - 03:29 AM

AdwCleaner [S1] scan:

# AdwCleaner v5.116 - Logfile created 09/05/2016 at 00:17:48
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : HP_Administrator - NAKAMI
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner_5.116.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\SecTaskMan
Folder Found : C:\Documents and Settings\All Users\Documents\Downloaded Installers
Folder Found : C:\Program Files\Yahoo!\Companion
Folder Found : C:\Program Files\advanced registry optimizer

***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\ToolbarSvr.ToolbarServer
Key Found : HKLM\SOFTWARE\Classes\ToolbarSvr.ToolbarServer.1
Key Found : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
Key Found : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
Key Found : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
Key Found : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
Key Found : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl
Key Found : HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1
Key Found : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
Key Found : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
Key Found : HKLM\SOFTWARE\Classes\YPUBC.DataStore
Key Found : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
Key Found : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
Key Found : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
Key Found : HKLM\SOFTWARE\Classes\YPUBC.StringList
Key Found : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
Key Found : HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found : HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found : HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found : HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
Key Found : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
Key Found : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
Key Found : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
Key Found : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
Key Found : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
Key Found : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
Key Found : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Yahoo\YFriendsBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{36415915-0B92-4F82-A240-42D3C14304F0}
Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\eSupport.com
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\SlimWare Utilities Inc
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Zugo
Key Found : HKU\S-1-5-21-2502786744-1622484038-505356971-1008\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\Yahoo\YFriendsBar

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [15110 bytes] - [09/05/2016 00:17:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15184 bytes] ##########
 



#8 Goldwood


Posted 09 May 2016 - 03:32 AM

JunkWare Removal Tool scan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Microsoft Windows XP x86
Ran by HP_Administrator (Administrator) on Mon 05/09/2016 at  0:33:54.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\hot deals (Folder)
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\user.js (File)
Successfully deleted: C:\Documents and Settings\HP_Administrator\Application Data\yahoocouponaddon (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Deleted the following from C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qpxq73t5.default\prefs.js
user_pref({5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url, hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/09/2016 at  0:37:13.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 olgun52

  • Malware Response Team

Posted 10 May 2016 - 08:52 AM

Hi again,

Step 1:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

1. Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

2. Open the folder named MBAR on the desktop.
3. Find the MBAR folder in the list.
4. Click it once.
5. Now click the OK button.
6. Click the OK button again.
7. Then click Next and click on the Update button.
8. Now click on the Scan button.

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 3:

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 Goldwood


Posted 10 May 2016 - 03:18 PM

MALWAREBYTES LOG:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/10/2016
Scan Time: 10:27:44 AM
Logfile: mbam-application log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.10.05
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HP_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358665
Time Elapsed: 23 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#11 Goldwood


Posted 10 May 2016 - 03:21 PM

MALWAREBYTES ANTI-ROOTKIT BETA log:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.05.10.05
  rootkit: v2016.05.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: NAKAMI [administrator]

5/10/2016 11:11:16 AM
mbar-log-2016-05-10 (11-11-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 335169
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#12 Goldwood


Posted 10 May 2016 - 03:23 PM

MALWAREBYTES ANTI-ROOTKIT BETA SYSTEM-LOG:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 2146742272, free: 1540653056

Downloaded database version: v2016.05.10.05
Downloaded database version: v2016.05.06.01
Downloaded database version: v2016.05.06.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     05/10/2016 11:09:33
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.05.10.05
  rootkit: v2016.05.06.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae9cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae83e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae9cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af08b00, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5FE34B69

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 14167377
    Partition is bootable
    Partition file system is FAT32

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14167440  Numsec = 474208560
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a569618, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a743400, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a569618, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a52d9b8, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8a561a18, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a52f250, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a528cb8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a52f250, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a528ed0, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8a52e370, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a521ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a535248, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a521ab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a535460, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8a5643e8, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a534998, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a564578, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a534998, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a564790, DeviceName: Unknown, DriverName: \Driver\drvmcdb\
DevicePointer: 0xffffffff8a52d030, DeviceName: \Device\00000092\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-14167440-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#13 Goldwood


Posted 10 May 2016 - 03:27 PM

ROGUEKILLER REPORT:

RogueKiller V12.2.0.0 [May 10 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Administrator]
Started from : C:\Documents and Settings\HP_Administrator\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/10/2016 12:34:50

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Viewpoint -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUM.Https] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6B250S0 +++++
--- User ---
[MBR] 0ca6e40f8f0f3dfaa3d89e09d02c303c
[BSP] 08a4caf1d22b529f4f76b815581806d1 : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 6917 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 14167440 | Size: 231547 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 



#14 olgun52

  • Malware Response Team

Posted 10 May 2016 - 05:36 PM

Hi,

Please open AdwCleaner and press the Delete button.
============================================================
You must be offline to complete the following steps.
Please restart your computer in safe mode, (How to start Windows in Safe Mode - Windows 7/Vista)
Run RogueKiller again.

  • When the pre-scan finishes, hit the Scan button.
  • When the scan completes, remove the check mark next to these entries:
[PUP] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys) -> Found
[PUM.Https] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found
  • Hit the Delete button.
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found as RKreport[1].txt on your Desktop.

Please restart your computer and run RogueKiller again and send the result of that log also.


Edited by olgun52, 12 May 2016 - 04:53 PM.

Best regards
 
If I don't reply within 24 hours please PM me!
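
Before pressing Delete, the entries that stay checked can be listed by comparing the posted RogueKiller report with the uncheck list in the reply above. This is an added example, not part of any post in this thread and not RogueKiller's own code; the line format is inferred only from the report lines shown in the thread, and all function names are hypothetical.

```python
import re

# Registry findings copied from the RogueKiller report posted in this thread.
REPORT = r"""
[PUP] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Viewpoint -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YahooAUService ("C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUM.Https] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found
"""

# Entries the helper's reply says to uncheck (leave in place), copied from it.
KEEP = r"""
[PUP] HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys) -> Found
[PUM.Https] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2502786744-1622484038-505356971-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found
"""

# Line shape inferred from the lines above only (an assumption, not a documented
# format): [tag] key, then optional "(image path)" or "| value : data", then "-> Found".
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>HKEY_[^|(]+?)\s*"
    r"(?:\((?P<image>.*)\)\s*|\|\s*(?P<value>[^:]+?)\s*:\s*(?P<data>.*?)\s*)?"
    r"->\s*Found\s*$"
)


def parse_findings(text):
    """Return one dict per finding line; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({k: v.strip().strip('"') if v else None
                             for k, v in m.groupdict().items()})
    return findings


def identity(f):
    """Case-insensitive identity of a finding: tag, key and value name."""
    return (f["tag"].lower(), f["key"].lower(), (f["value"] or "").lower())


def in_temp_dir(path):
    """True when a directory component of the path is Temp or Tmp."""
    parts = [p.lower() for p in re.split(r"[\\/]", path or "")]
    return any(p in ("temp", "tmp") for p in parts[:-1])


def plan_removal(report_text, keep_text):
    """Split findings into kept and deleted; also return keep lines with no match."""
    found = parse_findings(report_text)
    keep = {identity(f): f for f in parse_findings(keep_text)}
    plan = [("keep" if identity(f) in keep else "delete", f) for f in found]
    seen = {identity(f) for f in found}
    unmatched = [f for ident, f in keep.items() if ident not in seen]
    return plan, unmatched


if __name__ == "__main__":
    plan, unmatched = plan_removal(REPORT, KEEP)
    for action, f in plan:
        flag = "  [service image in a Temp directory]" if in_temp_dir(f["image"]) else ""
        print(f"{action.upper():6} [{f['tag']}] {f['key']} {f['image'] or ''}{flag}")
    print("keep-list entries not in report:", [f["key"] for f in unmatched])
```

A keep-list line that matches nothing in the report is returned separately, so a mistyped or stale entry is noticed instead of silently leaving an extra item checked.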

 


 


#15 Goldwood

Goldwood
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:29 AM

Posted 11 May 2016 - 08:28 PM

Are you sure I should delete all of my Yahoo keys with AdwCleaner? Doesn't seem right. The last time I was told to delete everything from the Adware Cleaner scan results, my CD burner stopped working. I just don't want to delete anything that may affect the way some programs work.


Edited by Goldwood, 11 May 2016 - 08:31 PM.




