poppy2

trojan.dropper/svchost-fake has infected my computer


Hi, I found trojan.dropper/svchost-fake when doing a scan with super antispyware free edition. I removed it but I would like to make sure it is gone. I ran Farbar recovery scanner and the results are attached. I tried to paste the results and send it but my browser got hung up. My browser has been getting hung up after a few minutes all the time now when I try to go to another page or click on a link. The computer has been running extremely slow and everything I do takes forever. Thanks!!

 

FRST.txt

Addition.txt


Forgot to mention I had recently installed Bitdefender free edition since Windows XP is no longer being updated. I had Microsoft Security Essentials. I am thinking of switching to Avast to see if the browser hangups are being caused by Bitdefender. That is the only thing that is new on the computer. Thanks.


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks, Mr. Charlie,

 

Here are the reports:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.08.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: BETSY [administrator]

4/8/2014 10:55:06 PM
mbam-log-2014-04-08 (22-55-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 261871
Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Compaq_Administrator [Admin rights]
Mode : Scan -- Date : 04/08/2014 23:23:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLPAPER][PUM] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Compaq_Administrator\My Documents\My Pictures\Picasa\Backgrounds\picasabackground-001b.bmp) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] lnz31fjj.default : Yahoo Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6L200M0 +++++
--- User ---
[MBR] 397b623dbac3e08eb39e69b8f21d1d9d
[bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8205 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16803990 | Size: 182574 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB SM Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04082014_232341.txt >>



 


OK, let's run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

13:31:25.0750 0x085c \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:31:25.0750 0x085c \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Then.........

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Ok thanks MrC. While running the AdwCleaner scan, Bitdefender (my virus protection program that was running in the background) found & quarantined 2 files -trojan.generic 6524559 and trojan generic7655897. Another log that was posted in Bitdefender today had rootkit.tdss.bk twice. These were quarantined also. Could the rootkit.tdss just be the TDSSKiller program that I ran?

 

Anyway here are the logs:

 

# AdwCleaner v3.023 - Report created 10/04/2014 at 09:41:17
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Administrator - BETSY
# Running from : C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
File Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\searchplugins\conduit-search.xml
File Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\prefs.js ]


Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("playsushi.position.button", true);

-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [5296 octets] - [10/04/2014 08:44:54]
AdwCleaner[s0].txt - [4646 octets] - [10/04/2014 09:41:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4706 octets] ##########
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: BETSY [administrator]

4/10/2014 9:54:11 AM
MBAM-log-2014-04-10 (10-16-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 264039
Time elapsed: 17 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\setup_ic.exe (PUP.Optional.Bundlore) -> No action taken.

(end)


Could the rootkit.tdss just be the TDSSKiller program that I ran?

Yes, most likely.

 

Just to be sure let's run TDSSKiller as before.

 

If nothing is found..no need to post the logs.

 

Let me know how it is......MrC


Browser was still getting hung up so I changed antivirus from Bitdefender to Avast, thinking that since Bitdefender was a new program I had just installed a few days ago maybe it was causing problems. Avast did an initial scan and found something, then recommended some type of scan before Windows opened up. I followed through on that and it found:

 

HTML:Object-inf

win32:Dropper-gen (Drp)

HTML: Bankfraud A (Trj)

Win32 Somoto-Nm (pup)

MBR:Alureon-B (Rtk)

Win32:Alureon-MJ@mbr (Rtk)

Win, Win64:Alureon-B@mber (Rtk)

Java:CVE-2012 (Expl)

 

I tried using the browser again after this and it did not get hung up so hopefully it found the problem there. With all this stuff I'm thinking there still may be other problems though. Any other suggestions?

Thanks!!!


What browser is giving you the problem??

Run another scan with FRST.exe and make sure the Addition box is checked.

MrC


I'm using the Firefox browser. Here are the FRST results:

Thanks!

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Compaq_Administrator at 2014-04-11 08:50:55
Running from C:\Documents and Settings\Compaq_Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Amazon Kindle For PC v1.1 (HKLM\...\Amazon Kindle For PC) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5166 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.17-050813a1-025991C-HP - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.)
c4200_Help (Version: 82.0.203.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Compaq Connections (remove only) (HKLM\...\HPOOVClient-5577497 Uninstaller) (Version:  - )
Compaq Game Console and games (HKLM\...\Compaq Game Console) (Version:  - WildTangent)
Compaq Multimedia Keyboard Software (HKLM\...\KBD) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Control Center for KODAK Webcams (HKLM\...\Control Center for KODAK Webcams) (Version:  - )
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.536 - Corel Corporation)
cp_LightScribeConfig (Version: 53.0.24.000 - Hewlett-Packard) Hidden
cp_LightScribePlugin (Version: 53.0.24.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InterVideo WinDVD Player (HKLM\...\{3912A629-0020-0005-3757-2FBA74D4DF0A}) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
iTunes (HKLM\...\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}) (Version: 9.1.1.12 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe  1.4.52.1 (Version: 1.4.52.1 - Integrator) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Flight Simulator 98 (HKLM\...\Flight Simulator 98) (Version:  - )
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Midtown Madness 2 (HKLM\...\Midtown Madness 2.0) (Version:  - )
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2000 Standard (HKLM\...\{00020409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myst III: Exile (HKLM\...\{9F05B89E-2873-11D5-9E9D-0050DA1EA555}) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS_AIO_ProductContext (Version: 82.0.203.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version:  - )
QuickBooks Pro 2006 (HKLM\...\{69B02159-7622-4DBB-B9EE-F933039830AD}) (Version:  - )
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.1.29 - Intuit)
SCRABBLE from Compaq (remove only) (HKLM\...\FA6A73EB-40AB-4B58-851D-3892B3C10EF6) (Version:  - WildTangent)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.4 (HKLM\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
Street Atlas USA 5.0 (HKLM\...\Street Atlas USA 5.0) (Version:  - )
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.25.0.1012 - SUPERAntiSpyware.com)
TaxACT 2007 (HKLM\...\TaxACT 2007) (Version:  - 2nd Story Software, Inc.)
TaxACT 2008 (HKLM\...\TaxACT 2008) (Version:  - 2nd Story Software, Inc.)
TaxACT 2008 New Jersey (HKLM\...\TaxACT 2008 New Jersey) (Version:  - 2nd Story Software, Inc.)
TaxACT 2009 (HKLM\...\TaxACT 2009) (Version:  - 2nd Story Software, Inc.)
TaxACT 2009 New Jersey (HKLM\...\TaxACT 2009 New Jersey) (Version:  - 2nd Story Software, Inc.)
TaxACT 2010 (HKLM\...\TaxACT 2010) (Version:  - 2nd Story Software, Inc.)
TaxACT 2010 New Jersey (HKLM\...\TaxACT 2010 New Jersey) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 - 1040 Edition (HKLM\...\TaxACT 2011 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 New Jersey (HKLM\...\TaxACT 2011 New Jersey) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 - 1040 Edition (HKLM\...\TaxACT 2012 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 New Jersey (HKLM\...\TaxACT 2012 New Jersey) (Version:  - 2nd Story Software, Inc.)
TaxACT New Jersey 2007 (HKLM\...\TaxACT New Jersey 2007) (Version:  - 2nd Story Software, Inc.)
The Sims Makin' Magic (HKLM\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
TurboTax Basic 2005 (HKLM\...\TurboTax Basic 2005) (Version:  - )
TurboTax Basic 2006 (HKLM\...\TurboTax Basic 2006) (Version:  - )
TurboTax ItsDeductible 2005 (HKLM\...\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}) (Version: 9.05.0000 - Intuit)
TurboTax ItsDeductible 2006 (HKLM\...\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}) (Version: 10.00.0000 - Intuit)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB910393) (Version:  - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB913800) (Version:  - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB926251) (Version:  - Microsoft Corporation) Hidden
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB953356) (HKLM\...\KB953356) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip Self-Extractor (HKLM\...\WinZip Self-Extractor) (Version:  - WinZip Computing, S.L.)

==================== Restore Points  =========================

11-01-2014 17:02:38 Software Distribution Service 3.0
12-01-2014 17:15:18 Software Distribution Service 3.0
14-01-2014 01:09:21 Software Distribution Service 3.0
14-01-2014 18:14:11 Software Distribution Service 3.0
15-01-2014 02:54:32 Software Distribution Service 3.0
16-01-2014 01:00:20 Software Distribution Service 3.0
17-01-2014 00:55:22 Software Distribution Service 3.0
18-01-2014 15:47:10 Software Distribution Service 3.0
19-01-2014 17:28:00 Software Distribution Service 3.0
20-01-2014 22:50:10 Software Distribution Service 3.0
21-01-2014 23:17:53 Software Distribution Service 3.0
22-01-2014 23:38:20 Software Distribution Service 3.0
24-01-2014 00:53:55 Software Distribution Service 3.0
25-01-2014 18:42:27 Software Distribution Service 3.0
27-01-2014 03:06:11 Software Distribution Service 3.0
28-01-2014 22:38:49 Software Distribution Service 3.0
29-01-2014 22:40:34 System Checkpoint
30-01-2014 21:22:28 Software Distribution Service 3.0
31-01-2014 21:30:16 Software Distribution Service 3.0
02-02-2014 17:49:44 Software Distribution Service 3.0
03-02-2014 21:13:26 Software Distribution Service 3.0
04-02-2014 23:18:38 Software Distribution Service 3.0
05-02-2014 23:51:15 System Checkpoint
06-02-2014 13:26:04 Software Distribution Service 3.0
07-02-2014 23:29:59 Software Distribution Service 3.0
09-02-2014 00:25:46 Software Distribution Service 3.0
10-02-2014 22:04:28 Software Distribution Service 3.0
11-02-2014 23:12:54 System Checkpoint
12-02-2014 00:47:25 Software Distribution Service 3.0
12-02-2014 01:00:19 Software Distribution Service 3.0
13-02-2014 19:34:00 Software Distribution Service 3.0
15-02-2014 22:32:41 Software Distribution Service 3.0
17-02-2014 21:33:57 Software Distribution Service 3.0
18-02-2014 00:25:55 Software Distribution Service 3.0
19-02-2014 00:43:38 System Checkpoint
19-02-2014 03:39:37 Software Distribution Service 3.0
20-02-2014 22:44:10 Software Distribution Service 3.0
22-02-2014 19:08:30 Software Distribution Service 3.0
23-02-2014 19:29:12 System Checkpoint
24-02-2014 21:12:14 Software Distribution Service 3.0
24-02-2014 23:54:12 Software Distribution Service 3.0
26-02-2014 03:39:34 Software Distribution Service 3.0
27-02-2014 21:29:14 Software Distribution Service 3.0
28-02-2014 21:31:32 System Checkpoint
01-03-2014 12:58:41 Software Distribution Service 3.0
02-03-2014 16:15:41 Software Distribution Service 3.0
04-03-2014 00:26:29 Software Distribution Service 3.0
05-03-2014 00:49:08 System Checkpoint
05-03-2014 01:37:17 Software Distribution Service 3.0
06-03-2014 01:58:06 System Checkpoint
06-03-2014 03:37:11 Software Distribution Service 3.0
06-03-2014 13:02:59 Installed Java 7 Update 51
07-03-2014 12:21:46 Software Distribution Service 3.0
09-03-2014 18:08:28 Software Distribution Service 3.0
10-03-2014 23:42:34 Software Distribution Service 3.0
14-03-2014 00:14:56 Software Distribution Service 3.0
15-03-2014 13:09:02 Software Distribution Service 3.0
15-03-2014 13:28:26 Software Distribution Service 3.0
16-03-2014 15:54:21 Software Distribution Service 3.0
20-03-2014 18:57:00 Software Distribution Service 3.0
21-03-2014 00:01:34 Software Distribution Service 3.0
21-03-2014 21:59:52 Software Distribution Service 3.0
22-03-2014 02:41:05 Software Distribution Service 3.0
23-03-2014 01:25:06 Software Distribution Service 3.0
24-03-2014 20:36:05 Software Distribution Service 3.0
29-03-2014 00:52:07 System Checkpoint
30-03-2014 14:48:23 Software Distribution Service 3.0
31-03-2014 22:44:04 Software Distribution Service 3.0
02-04-2014 12:21:01 Software Distribution Service 3.0
03-04-2014 00:00:53 Software Distribution Service 3.0
04-04-2014 22:00:20 Software Distribution Service 3.0
05-04-2014 23:47:27 Software Distribution Service 3.0
06-04-2014 17:27:07 Installed Windows XP Wdf01009.
06-04-2014 22:52:10 Removed Google+ Auto Backup
07-04-2014 23:50:35 System Checkpoint
09-04-2014 00:06:28 System Checkpoint
09-04-2014 03:38:14 malware directions
09-04-2014 16:40:15 diagnostics
09-04-2014 23:25:25 Software Distribution Service 3.0
10-04-2014 23:37:52 System Checkpoint
11-04-2014 01:57:14 avast! antivirus system restore point
11-04-2014 12:15:00 Removed QuickTime

==================== Hosts content: ==========================

2014-04-09 14:03 - 2014-04-09 14:14 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-04-11 04:47 - 2014-04-11 04:47 - 02209792 _____ () C:\Program Files\AVAST Software\Avast\defs\14041100\algo.dll
2004-08-10 08:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 08:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 08:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-04-10 21:58 - 2014-04-10 21:58 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2005-08-03 03:19 - 2005-08-03 03:19 - 00050176 _____ () C:\WINDOWS\armcex.dll
2014-03-28 21:48 - 2014-03-28 21:48 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08168067.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64325346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08168067.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64325346.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 129093

Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 129093

Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28811078

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28811078

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28622375

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28622375

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:42:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28608125


System errors:
=============
Error: (04/11/2014 08:42:29 AM) (Source: Service Control Manager) (User: )
Description: The ARSVC service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2014 09:52:46 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (04/10/2014 09:52:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/10/2014 09:46:34 PM) (Source: Service Control Manager) (User: )
Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/10/2014 09:43:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/10/2014 07:16:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
fasttx2k
IntelIde
ViaIde

Error: (04/10/2014 10:21:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
fasttx2k
IntelIde
ViaIde

Error: (04/10/2014 08:37:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
fasttx2k
IntelIde
ViaIde

Error: (04/10/2014 08:37:51 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%3

Error: (04/09/2014 07:39:52 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 129093

Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 129093

Error: (04/10/2014 09:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28811078

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28811078

Error: (04/10/2014 07:45:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28622375

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28622375

Error: (04/10/2014 07:42:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2014 07:42:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28608125


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 958.48 MB
Available physical RAM: 289.7 MB
Total Pagefile: 2311.91 MB
Available Pagefile: 1683.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.59 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:178.3 GB) (Free:52.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:8 GB) (Free:1 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive e: (MIDTOWN2) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)
Partition 2: (Active) - (Size=178 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Compaq_Administrator (administrator) on BETSY on 11-04-2014 08:49:42
Running from C:\Documents and Settings\Compaq_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-10] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-3802832114-202172747-1413937691-1008\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-3802832114-202172747-1413937691-1008\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-10] (Google Inc.)
HKU\S-1-5-21-3802832114-202172747-1413937691-1008\...\Policies\system: [DisableClock] 0
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default


FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\lnz31fjj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-10]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-10]

========================== Services (Whitelisted) =================

S2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-10] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644928 2005-08-29] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
S3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-04-10] ()
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-03] (Promise Technology, Inc.)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175616 2005-04-15] (Promise Technology, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2006-12-06] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-12-06] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-12-06] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-25] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-25] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2010-07-26] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [11616 2000-08-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 TDPIPE; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-04-11 08:48 - 2014-04-11 08:48 - 01145856 _____ (Farbar) C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.exe
2014-04-10 22:04 - 2014-04-10 22:04 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\AVAST Software
2014-04-10 22:01 - 2014-04-10 22:01 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-10 22:01 - 2014-04-10 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-04-10 22:00 - 2014-04-11 07:03 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-10 22:00 - 2014-04-10 22:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-04-10 21:58 - 2014-04-10 21:58 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-10 21:58 - 2014-04-10 21:58 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-10 21:57 - 2014-04-10 21:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 21:56 - 2014-04-10 21:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-04-10 21:53 - 2014-04-10 21:53 - 00097168 _____ () C:\Documents and Settings\All Users\Application Data\1397181151.bdinstall.bin
2014-04-10 21:53 - 2014-04-10 21:53 - 00000446 _____ () C:\WINDOWS\setupapi.log
2014-04-10 21:50 - 2014-04-10 21:50 - 00058044 _____ () C:\Documents and Settings\All Users\Application Data\1397180605.bdinstall.bin
2014-04-10 21:43 - 2014-04-10 21:43 - 00037461 _____ () C:\Documents and Settings\All Users\Application Data\1397180595.bdinstall.bin
2014-04-10 21:43 - 2014-04-10 21:43 - 00036265 _____ () C:\Documents and Settings\All Users\Application Data\1397180595.548.bin
2014-04-10 08:44 - 2014-04-10 09:41 - 00000000 ____D () C:\AdwCleaner
2014-04-10 08:43 - 2014-04-10 08:43 - 01426178 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe
2014-04-10 08:41 - 2014-04-10 08:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 19:28 - 2014-04-09 19:36 - 00013280 _____ () C:\WINDOWS\iis6.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00012317 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00005912 _____ () C:\WINDOWS\ocgen.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00005642 _____ () C:\WINDOWS\tsoc.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00004124 _____ () C:\WINDOWS\comsetup.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00003742 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00002496 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00002166 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00001378 _____ () C:\WINDOWS\plusoc.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00000860 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00000684 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00000676 _____ () C:\WINDOWS\ehOCGen.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 19:28 - 2014-04-09 19:36 - 00000618 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 19:28 - 2014-04-09 19:28 - 00002723 _____ () C:\WINDOWS\updspapi.log
2014-04-09 19:28 - 2014-04-09 19:28 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 19:28 - 2014-04-09 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-09 19:28 - 2014-04-09 19:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-09 19:25 - 2014-04-09 19:28 - 00012510 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 19:07 - 2014-04-09 19:36 - 00015496 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 14:23 - 2014-04-09 14:23 - 00022790 _____ () C:\ComboFix.txt
2014-04-09 13:33 - 2014-04-09 13:33 - 05196025 ____R (Swearware) C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
2014-04-09 12:42 - 2014-04-09 12:42 - 04139872 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe
2014-04-08 23:23 - 2014-04-08 23:23 - 00002770 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\RKreport[0]_S_04082014_232341.txt
2014-04-08 23:20 - 2014-04-08 23:37 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Desktop\RK_Quarantine
2014-04-08 23:16 - 2014-04-08 23:16 - 03972608 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe
2014-04-08 22:21 - 2014-04-08 22:44 - 88551496 _____ (AVAST Software) C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe
2014-04-08 19:32 - 2014-04-11 08:50 - 00013643 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.txt
2014-04-08 19:32 - 2014-04-08 19:32 - 00031685 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Addition.txt
2014-04-08 14:27 - 2014-04-11 08:49 - 00000000 ____D () C:\FRST
2014-04-07 21:39 - 2014-04-07 21:40 - 00697212 _____ () C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20140407_213859.reg
2014-04-07 21:00 - 2014-04-07 21:00 - 00000690 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-04-07 21:00 - 2014-04-07 21:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-07 21:00 - 2014-04-07 21:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-04-07 20:51 - 2014-04-10 20:03 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-06 13:48 - 2014-04-10 21:50 - 00129152 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-04-06 13:27 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-04-06 13:26 - 2014-04-06 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-04-06 13:26 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-04-06 13:23 - 2014-04-06 13:25 - 00027003 _____ () C:\Report 2014-04-06 13.23.33.txt
2014-04-06 13:23 - 2014-04-06 13:23 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\QuickScan
2014-03-28 21:48 - 2014-03-28 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-22 14:13 - 2014-04-11 06:57 - 00000252 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-22 14:13 - 2014-04-08 18:10 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-21 22:43 - 2014-03-21 22:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-21 17:54 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-21 17:54 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-15 09:12 - 2014-03-15 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-15 09:12 - 2014-03-15 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$

==================== One Month Modified Files and Folders =======

2014-04-11 08:50 - 2014-04-08 19:32 - 00013643 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.txt
2014-04-11 08:49 - 2014-04-08 14:27 - 00000000 ____D () C:\FRST
2014-04-11 08:48 - 2014-04-11 08:48 - 01145856 _____ (Farbar) C:\Documents and Settings\Compaq_Administrator\Desktop\FRST.exe
2014-04-11 08:15 - 2006-03-12 16:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-11 08:04 - 2012-11-25 12:37 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 07:58 - 2014-02-07 19:53 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-04-11 07:54 - 2012-04-14 15:08 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-11 07:54 - 2011-06-23 15:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-11 07:03 - 2014-04-10 22:00 - 00000392 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-11 06:57 - 2014-03-22 14:13 - 00000252 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-11 06:57 - 2012-11-25 12:37 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 06:57 - 2005-07-02 09:26 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-11 06:04 - 2005-07-02 09:36 - 00032432 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-11 04:22 - 2005-07-02 09:36 - 01992264 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-11 00:46 - 2005-07-14 13:12 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-11 00:46 - 2005-07-02 09:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-11 00:46 - 2005-01-28 05:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-11 00:46 - 2005-01-28 05:33 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-10 22:17 - 2006-02-05 18:57 - 00000178 ___SH () C:\Documents and Settings\Compaq_Administrator\ntuser.ini
2014-04-10 22:16 - 2006-02-05 18:57 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator
2014-04-10 22:04 - 2014-04-10 22:04 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\AVAST Software
2014-04-10 22:01 - 2014-04-10 22:01 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-10 22:01 - 2014-04-10 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-04-10 22:00 - 2014-04-10 22:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-04-10 22:00 - 2005-11-11 17:41 - 00000000 ____D () C:\Program Files\Google
2014-04-10 21:58 - 2014-04-10 21:58 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-10 21:58 - 2014-04-10 21:58 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-10 21:58 - 2014-04-10 21:58 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-10 21:57 - 2014-04-10 21:57 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-10 21:56 - 2014-04-10 21:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-04-10 21:53 - 2014-04-10 21:53 - 00097168 _____ () C:\Documents and Settings\All Users\Application Data\1397181151.bdinstall.bin
2014-04-10 21:53 - 2014-04-10 21:53 - 00000446 _____ () C:\WINDOWS\setupapi.log
2014-04-10 21:50 - 2014-04-10 21:50 - 00058044 _____ () C:\Documents and Settings\All Users\Application Data\1397180605.bdinstall.bin
2014-04-10 21:50 - 2014-04-06 13:48 - 00129152 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-04-10 21:43 - 2014-04-10 21:43 - 00037461 _____ () C:\Documents and Settings\All Users\Application Data\1397180595.bdinstall.bin
2014-04-10 21:43 - 2014-04-10 21:43 - 00036265 _____ () C:\Documents and Settings\All Users\Application Data\1397180595.548.bin
2014-04-10 20:03 - 2014-04-07 20:51 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-10 10:20 - 2008-04-09 18:12 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB948881$
2014-04-10 09:41 - 2014-04-10 08:44 - 00000000 ____D () C:\AdwCleaner
2014-04-10 08:43 - 2014-04-10 08:43 - 01426178 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe
2014-04-10 08:41 - 2014-04-10 08:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-09 20:13 - 2007-04-21 08:24 - 00002489 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\p;.'.lnk
2014-04-09 19:36 - 2014-04-09 19:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 19:36 - 2014-04-09 19:28 - 00013280 _____ () C:\WINDOWS\iis6.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00012317 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00005912 _____ () C:\WINDOWS\ocgen.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00005642 _____ () C:\WINDOWS\tsoc.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00004124 _____ () C:\WINDOWS\comsetup.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00003742 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00002496 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00002166 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00001378 _____ () C:\WINDOWS\plusoc.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00000860 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00000684 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00000676 _____ () C:\WINDOWS\ehOCGen.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 19:36 - 2014-04-09 19:28 - 00000618 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 19:36 - 2014-04-09 19:07 - 00015496 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 19:35 - 2013-08-11 10:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 19:29 - 2006-04-16 18:09 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 19:28 - 2014-04-09 19:28 - 00002723 _____ () C:\WINDOWS\updspapi.log
2014-04-09 19:28 - 2014-04-09 19:28 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 19:28 - 2014-04-09 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-09 19:28 - 2014-04-09 19:28 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-09 19:28 - 2014-04-09 19:25 - 00012510 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 19:03 - 2005-11-11 16:46 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-09 14:23 - 2014-04-09 14:23 - 00022790 _____ () C:\ComboFix.txt
2014-04-09 14:23 - 2011-06-08 23:32 - 00000000 ____D () C:\Qoobox
2014-04-09 14:15 - 2005-01-28 05:30 - 00000262 _____ () C:\WINDOWS\system.ini
2014-04-09 14:06 - 2005-07-02 09:36 - 44564480 _____ () C:\WINDOWS\system32\config\software.bak
2014-04-09 14:06 - 2005-07-02 09:36 - 07340032 _____ () C:\WINDOWS\system32\config\system.bak
2014-04-09 14:06 - 2005-07-02 09:36 - 03932160 _____ () C:\WINDOWS\system32\config\default.bak
2014-04-09 14:06 - 2005-07-02 09:36 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-04-09 14:06 - 2005-07-02 09:36 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-04-09 14:05 - 2010-02-21 17:22 - 00008192 _____ () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-04-09 14:05 - 2010-02-10 19:21 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-09 13:33 - 2014-04-09 13:33 - 05196025 ____R (Swearware) C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
2014-04-09 12:42 - 2014-04-09 12:42 - 04139872 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe
2014-04-08 23:37 - 2014-04-08 23:20 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Desktop\RK_Quarantine
2014-04-08 23:23 - 2014-04-08 23:23 - 00002770 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\RKreport[0]_S_04082014_232341.txt
2014-04-08 23:16 - 2014-04-08 23:16 - 03972608 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe
2014-04-08 22:44 - 2014-04-08 22:21 - 88551496 _____ (AVAST Software) C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe
2014-04-08 22:17 - 2005-07-01 19:51 - 00000325 __RSH () C:\boot.ini
2014-04-08 22:17 - 2005-01-28 13:41 - 00000665 _____ () C:\WINDOWS\win.ini
2014-04-08 20:08 - 2013-07-31 02:16 - 00001821 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-08 19:32 - 2014-04-08 19:32 - 00031685 _____ () C:\Documents and Settings\Compaq_Administrator\Desktop\Addition.txt
2014-04-08 18:10 - 2014-03-22 14:13 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 21:55 - 2005-07-14 12:49 - 00000000 ____D () C:\Program Files\MSN
2014-04-07 21:40 - 2014-04-07 21:39 - 00697212 _____ () C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20140407_213859.reg
2014-04-07 21:30 - 2006-08-11 22:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-04-07 21:22 - 2011-12-18 18:24 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-07 21:21 - 2014-03-02 12:18 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Control Center for KODAK Webcams
2014-04-07 21:00 - 2014-04-07 21:00 - 00000690 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-04-07 21:00 - 2014-04-07 21:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-07 21:00 - 2014-04-07 21:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-04-06 21:02 - 2011-08-09 13:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-04-06 18:58 - 2014-02-07 19:53 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-04-06 18:49 - 2006-02-05 18:57 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-04-06 13:27 - 2014-04-06 13:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-04-06 13:26 - 2014-04-06 13:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-04-06 13:25 - 2014-04-06 13:23 - 00027003 _____ () C:\Report 2014-04-06 13.23.33.txt
2014-04-06 13:23 - 2014-04-06 13:23 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\QuickScan
2014-04-06 13:16 - 2006-08-11 23:08 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\Lavasoft
2014-04-06 13:13 - 2012-05-28 18:38 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-04-06 13:11 - 2005-11-11 17:23 - 00000000 ____D () C:\Program Files\Adobe
2014-04-04 17:58 - 2008-05-11 08:22 - 04498596 _____ () C:\debug.log
2014-03-31 18:33 - 2012-11-03 07:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 22:33 - 2014-03-02 13:07 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Application Data\Skype
2014-03-30 13:25 - 2014-03-02 13:05 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-28 21:49 - 2014-03-28 21:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-21 22:43 - 2014-03-21 22:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-15 09:17 - 2005-07-02 09:34 - 00216856 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 09:12 - 2014-03-15 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-15 09:12 - 2014-03-15 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-15 09:07 - 2010-06-03 08:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 20:22 - 2010-10-08 23:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 06:48 - 2009-03-21 10:06 - 00993280 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll
2014-03-12 06:48 - 2004-08-10 08:00 - 00993280 ____N (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


1: Use your CCleaner and clean out temp files

2: Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.


3: Reset Firefox:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Let me know...MrC


ok, thanks.  After I let Avast do the scan before windows opened and found all those things from my last post I tried the browser and it seemed ok. 

I have done all the things from your last post just in case.  Here is the Farbar log:

 

Thanks, MrC!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Compaq_Administrator at 2014-04-11 14:01:39 Run:1
Running from C:\Documents and Settings\Compaq_Administrator\Desktop\frst
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe:BDU
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
*****************

C:\Documents and Settings\Compaq_Administrator\Desktop\AdwCleaner.exe => ":BDU" ADS removed successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\avast_free_antivirus_setup.exe => ":BDU" ADS removed successfully.
"C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe" => ":BDU" ADS not found.
C:\Documents and Settings\Compaq_Administrator\Desktop\RogueKiller.exe => ":BDU" ADS removed successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.exe => ":BDU" ADS removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\RunNarrator => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.

==== End of Fixlog ====


Great........if there are no other problems:

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC


ok here it is, thanks.....

 

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 4.4    
 Spybot - Search & Destroy
 SUPERAntiSpyware Free Edition   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Flash Player 12.0.0.77 <---this is out of date
Flash Player:
Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)

--------------------------------

Adobe Reader 10.1.9 Adobe Reader out of Date!
<---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit Enter. (It may look like CF is re-installing, but it's not.)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
