Hello, emails I send (using Sylpheed) are often returned marked "too much spam", and show an IP address that's not mine.
A friend said this bad IP address is a honey pot (?), so I must have some bad virus.
But I do have BitDefender, which says I got no virus... Could someone help me look into this?

Thank you,
Bernard

:snwelcome:

Bernard, please read this and then provide the necessary DDS and aswMBR logs as requested on page 2

http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)

Hi Ken, thank you for your reply, see attached

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by Compaq_Administrator at 14:37:31 on 2014-05-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.1952 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Emerge Desktop\emergeCore.exe
C:\Program Files\Emerge Desktop\Explorer.exe
C:\Program Files\Emerge Desktop\emergeTasks.exe
C:\Program Files\Emerge Desktop\emergeTray.exe
C:\Program Files\Emerge Desktop\emergeCommand.exe
C:\Program Files\Emerge Desktop\emergeHotkeys.exe
C:\Program Files\Emerge Desktop\emergeSysMon.exe
C:\Program Files\Emerge Desktop\emergeWorkspace.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
c:\windows\explorer.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\XYplorer\XYplorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uWinlogon: Shell = c:\program files\emerge desktop\emergeCore.exe
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [ALCMTR] ALCMTR.EXE
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\utilit~1\startup\dropbox.lnk - c:\documents and settings\compaq_administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datein~1.lnk - c:\program files\dateintray\DateInTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E7D76E8-E9ED-4F7F-A377-7B47756D6079} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\ly84cev5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-10-20 778032]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-10-20 165744]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-10-20 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-10-20 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-10-20 516936]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-10-20 116560]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-20 66832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-1-25 2077840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-10-20 69880]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Notepad2.exe="c:\program files\notepad2\Notepad2.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-02 18:25:41 -------- d-----w- c:\documents and settings\all users\GlarySoft
.
==================== Find3M ====================
.
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-02-02 17:50:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-02 17:50:17 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 14:38:17.05 ===============




aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-02 14:40:24
-----------------------------
14:40:24.695 OS Version: Windows 5.1.2600 Service Pack 3
14:40:24.695 Number of processors: 1 586 0x3702
14:40:24.695 ComputerName: COMPAQ UserName:
14:40:46.758 Initialize success
14:43:42.650 AVAST engine defs: 14050201
14:44:02.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
14:44:02.712 Disk 0 Vendor: ST3250824AS 3.AHH Size: 238475MB BusType: 3
14:44:02.916 Disk 0 MBR read successfully
14:44:02.916 Disk 0 MBR scan
14:44:02.962 Disk 0 unknown MBR code
14:44:02.962 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229686 MB offset 63
14:44:02.994 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8778 MB offset 470413440
14:44:03.087 Disk 0 scanning sectors +488391120
14:44:03.150 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:18.150 Service scanning
14:44:20.634 Service Bdfndisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys **LOCKED** 5
14:44:20.666 Service bdftdif C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys **LOCKED** 5
14:44:21.525 Service bdselfpr C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys **LOCKED** 5
14:44:40.213 Modules scanning
14:44:47.260 Disk 0 trace - called modules:
14:44:47.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:44:47.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeb3ab8]
14:44:47.275 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8ae5ae98]
14:44:47.291 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ae21d98]
14:44:47.853 AVAST engine scan C:\WINDOWS
14:44:53.635 AVAST engine scan C:\WINDOWS\system32
14:48:34.120 AVAST engine scan C:\WINDOWS\system32\drivers
14:48:56.417 AVAST engine scan C:\Documents and Settings\Compaq_Administrator
15:02:01.969 AVAST engine scan C:\Documents and Settings\All Users
15:04:33.595 Scan finished successfully
15:05:00.814 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
15:05:00.814 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"

Hi,

Thanks for the logs. What you want to do first is open your email client (Sylpheed) and change your password


http://i.imgur.com/GUZVCQN.jpg Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.



Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
If an update is found, it will download and install the latest version.
Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
Press Scan Now then Skip Update (since we just updated it)

http://www.bleepstatic.com/fhost/uploads/2/mbam2.0.1.jpg



When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
Copy and Paste all of the information in that file to your next reply.

Good morning Ken, I changed the pw and ran MB but Hyper Scan wasn't available so I ran Threat Scan. Is this ok? Log is below.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/3/2014
Scan Time: 8:54:40 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.03.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Compaq_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303025
Time Elapsed: 24 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2113079054-1990414353-941291794-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [a25f59f44d2e3ef8757e8ded57abc838],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Babylon.A, C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), ,[6b9659f4f883a690bd21bea627ddb64a]
PUP.Optional.Babylon.A, C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0);), ,[13eee26b2c4fcc6a6e70a5bf4bb94ab6]

Physical Sectors: 0
(No malicious items detected)


(end)

Thats fine Bernard, we are right in the middle of a new version of Malwarebytes and the instructions I gave you where for the new one, no problem. It looked like Malwarebytes removed a bogus toolbar, there may be more


-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Hi, all done, AdwCleaner[S0].txt below

# AdwCleaner v3.205 - Report created 03/05/2014 at 09:56:28
# Updated 28/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Administrator - COMPAQ
# Running from : C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Download keeepier
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\Extensions\slen.eoi@hwxfazactd.co.uk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e77c81ae
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\OpenCandy
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\adsjt6oj.default\prefs.js ]


[ File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.FuqyHp8H.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == window[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4513 octets] - [03/05/2014 09:55:27]
AdwCleaner[S0].txt - [4412 octets] - [03/05/2014 09:56:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4472 octets] ##########

Great, lets run this quick scan to check for leftovers

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

OTL Extras logfile created on: 5/3/2014 11:50:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.53% Memory free
4.78 Gb Paging File | 4.21 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 168.61 Gb Free Space | 75.17% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.60 Gb Free Space | 7.03% Space Free | Partition Type: FAT32
Drive L: | 465.76 Gb Total Space | 10.12 Gb Free Space | 2.17% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2113079054-1990414353-941291794-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe" = C:\Program Files\Adobe\Adobe Contribute CS4\Contribute.exe:*:Enabled:Contribute CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\TYPO3_4.3.3\Apache\bin\Apache.exe" = C:\Program Files\TYPO3_4.3.3\Apache\bin\Apache.exe:*:Enabled:Apache HTTP Server
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe" = C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{50063EEB-8CD5-4AA4-AA13-30699DD92629}" = Adobe Setup
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{5BB770DE-19FF-4D71-A0E0-1F21E1847512}" = Adobe PDistiller
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83227C6D-EE12-44F2-9C50-BCB454F18C2C}" = Adobe Update Manager CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{867D3E0B-B774-4BB6-B439-675E62C6386A}_is1" = WMV Converter 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A97D672-6C93-4DFA-B527-DE005A761495}" = Video Stream Driver for Panasonic DVC
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.0
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78083CB-9E9B-43C8-BAAB-DB5042D6B4F9}" = EKTS
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_4c96cd7621076512aaef5e76536b4ef" = Adobe Contribute CS4
"After Effects 4.1" = Adobe After Effects 4.1
"AnswerWorks" = AnswerWorks Runtime
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bitdefender" = Bitdefender Internet Security
"Blender" = Blender (remove only)
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DateInTray" = DateInTray 1.5
"Defraggler" = Defraggler
"Emerge Desktop" = Emerge Desktop, replacement shell (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free Download Manager_is1" = Free Download Manager 3.0
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Glary Utilities 4" = Glary Utilities 4.4
"Handbrake" = HandBrake 0.9.8
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"hp LaserJet 2300 Uninstaller" = hp LaserJet 2300 Uninstaller
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IcoFX_is1" = IcoFX 1.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"Inkscape" = Inkscape 0.46
"InstallShield_{9A97D672-6C93-4DFA-B527-DE005A761495}" = Video Stream Driver for Panasonic DVC
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Rainbow Sentinel Driver" = Sentinel System Driver
"RAR Repair Tool_is1" = RAR Repair Tool v.4.0.1
"ScreenshotCaptor_is1" = Screenshot Captor 2.78.01
"Serious Samurize" = Serious Samurize
"Startup_Manager_is1" = Startup Manager 2.4.2
"Sylpheed" = Sylpheed 3.4.1
"Synchronize It!_is1" = Synchronize It!
"TagJet" = TagJet 2.1
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"WinDjView" = WinDjView 1.0.3
"WindLGC V6.1" = WindLGC V6.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XYplorer" = XYplorer 12.30

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2113079054-1990414353-941291794-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2013 11:50:38 AM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/10/2013 10:45:59 AM | Computer Name = COMPAQ | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 11/11/2013 6:45:52 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/23/2013 8:18:17 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/24/2013 1:41:52 PM | Computer Name = COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application sylpheed.exe, version 3.2.0.1137, faulting module
libsylpheed-plugin-0-1.dll, version 0.0.0.0, fault address 0x00001d53.

Error - 2/2/2014 1:30:12 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/13/2014 1:20:10 PM | Computer Name = COMPAQ | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 3/16/2014 7:04:10 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 3/30/2014 4:57:48 PM | Computer Name = COMPAQ | Source = Application Error | ID = 1000
Description = Faulting application emergecore.exe, version 6.2.0.1338, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3.

Error - 4/3/2014 1:45:31 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 5/2/2014 11:24:56 AM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/2/2014 11:24:56 AM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 5/2/2014 11:24:56 AM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 5/3/2014 9:51:35 AM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/3/2014 9:51:35 AM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 5/3/2014 9:51:35 AM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 5/3/2014 10:09:26 AM | Computer Name = COMPAQ | Source = DCOM | ID = 10010
Description = The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register
with DCOM within the required timeout.

Error - 5/3/2014 1:00:01 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 5/3/2014 1:00:01 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7001
Description = The Sentinel service depends on the Parallel port driver service which
failed to start because of the following error: %%1058

Error - 5/3/2014 1:00:03 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >

OTL logfile created on: 5/3/2014 11:50:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.53% Memory free
4.78 Gb Paging File | 4.21 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 168.61 Gb Free Space | 75.17% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.60 Gb Free Space | 7.03% Space Free | Partition Type: FAT32
Drive L: | 465.76 Gb Total Space | 10.12 Gb Free Space | 2.17% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Emerge Desktop\emergeTray.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\emergeSysMon.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\Explorer.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\emergeCore.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\emergeCommand.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\emergeWorkspace.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\emergeTasks.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Emerge Desktop\emergeHotkeys.exe (The Emerge Desktop Development Team)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\DateInTray\DateInTray.exe (CrispyBytes Development)
PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)
PRC - C:\WINDOWS\arservice.exe (Microsoft)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Bitdefender\Bitdefender\ui\accessl.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender\ui\imsecurityal.ui ()
MOD - C:\Program Files\Bitdefender\Bitdefender\otengines_00030_011\ashttpph.mdl ()
MOD - C:\Program Files\Bitdefender\Bitdefender\otengines_00030_011\ashttprbl.mdl ()
MOD - C:\Program Files\Bitdefender\Bitdefender\otengines_00030_011\ashttpbr.mdl ()
MOD - C:\Program Files\Bitdefender\Bitdefender\otengines_00030_011\ashttpdsp.mdl ()
MOD - C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll ()
MOD - C:\Program Files\Emerge Desktop\libstdc++-6.dll ()
MOD - C:\Program Files\Emerge Desktop\libgcc_s_sjlj-1.dll ()
MOD - \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\armcex.dll ()
MOD - C:\WINDOWS\system32\HPBHealr.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe (Bitdefender)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Bitdefender)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Bitdefender)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
DRV - (Changer) -- File not found
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (BDSandBox) -- C:\WINDOWS\system32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (gzflt) -- C:\WINDOWS\system32\drivers\gzflt.sys (BitDefender LLC)
DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys (BitDefender LLC)
DRV - (Bdfndisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys (BitDefender LLC)
DRV - (avchv) -- C:\WINDOWS\system32\drivers\avchv.sys (BitDefender)
DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (VX6000) -- C:\WINDOWS\system32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (NmPar) -- C:\WINDOWS\system32\drivers\NmPar.sys (Windows (R) 2000 DDK provider)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\SENTINEL.SYS ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMDM.sys (BCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\..\SearchScopes\{0D1636B4-1D89-47C3-9C69-76BB7B15EAEC}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt={Language}&FORM=IE8SRC
IE - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Wikipedia (en)"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1
FF - prefs.js..extensions.enabledAddons: ffpwdman%40bitdefender.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffpwdman@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\ffpwdman\ [2013/10/04 12:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/27 18:04:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013/10/04 12:52:46 | 000,000,000 | ---D | M]

[2010/08/03 09:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2010/08/03 09:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/05/03 09:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\extensions
[2010/04/26 16:54:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/22 09:55:40 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/01/14 13:51:02 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2012/12/31 21:10:27 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\extensions\fdm_ffext@freedownloadmanager.org
[2014/01/13 20:11:04 | 000,348,260 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ly84cev5.default\extensions\personas@christopher.beard.xpi
[2014/04/27 18:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/04/27 18:04:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/04/27 18:04:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/04/27 18:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/27 18:04:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/04 12:57:59 | 000,000,000 | ---D | M] (Bitdefender Wallet) -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER\FFPWDMAN
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: WOT = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\
CHR - Extension: YouTube = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Bitdefender Wallet = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl\17.28.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/07/13 09:12:14 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [ALCMTR] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (Bitdefender)
O4 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (Bitdefender)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Utilities\Startup\Dropbox.lnk = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7D76E8-E9ED-4F7F-A377-7B47756D6079}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2113079054-1990414353-941291794-1007 Winlogon: Shell - (C:\Program Files\Emerge Desktop\emergeCore.exe) - C:\Program Files\Emerge Desktop\emergeCore.exe (The Emerge Desktop Development Team)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{96f7147b-4bca-11df-8309-0018f30150b3}\Shell - "" = AutoRun
O33 - MountPoints2\{96f7147b-4bca-11df-8309-0018f30150b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96f7147b-4bca-11df-8309-0018f30150b3}\Shell\AutoRun\command - "" = K:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/03 09:55:57 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/05/03 09:55:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/03 08:29:47 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/03 08:26:58 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/03 08:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/02 14:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\5-2-2014
[2014/05/02 11:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\GlarySoft
[2014/04/27 18:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/27 17:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sylpheed
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/03 11:31:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113079054-1990414353-941291794-1007UA1cd605bda07bfa6.job
[2014/05/03 11:26:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113079054-1990414353-941291794-1007UA.job
[2014/05/03 10:00:43 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize 4.job
[2014/05/03 09:59:06 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/05/03 09:58:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/03 08:29:54 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/03 07:13:09 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/03 07:05:31 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/03 07:05:31 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Google Chrome.lnk
[2014/05/02 16:31:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113079054-1990414353-941291794-1007Core.job
[2014/05/02 15:05:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2014/05/02 14:54:42 | 000,004,213 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\attach.zip
[2014/05/01 09:28:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/30 01:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/04/27 17:34:27 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Sylpheed.lnk
[2014/04/08 15:00:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/03 07:05:31 | 000,002,401 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Google Chrome.lnk
[2014/05/02 15:05:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2014/05/02 14:54:42 | 000,004,213 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\attach.zip
[2014/04/27 17:34:27 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Sylpheed.lnk
[2013/12/01 09:44:14 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Datauser_gensett.xml
[2013/10/20 11:23:55 | 000,636,655 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382292427.bdinstall.bin
[2013/10/20 10:45:58 | 000,223,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382291021.bdinstall.bin
[2013/10/20 10:19:56 | 000,020,486 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382289585.2636.bin
[2013/10/20 10:19:46 | 000,002,678 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382289585.516.bin
[2013/10/20 10:19:46 | 000,002,550 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382289585.1212.bin
[2013/10/20 10:19:45 | 000,096,156 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382289585.3140.bin
[2013/10/18 17:06:28 | 000,086,118 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382140417.bdinstall.bin
[2013/10/18 16:35:01 | 000,430,321 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1382138845.bdinstall.bin
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/31 19:12:33 | 000,535,491 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1357005474.bdinstall.bin
[2011/08/14 18:23:22 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\HamsterVideoConverterSettings.cfg
[2011/01/29 10:50:20 | 000,011,345 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\.recently-used.xbel
[2011/01/04 18:54:35 | 001,845,663 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2113079054-1990414353-941291794-1007-0.dat
[2011/01/04 18:54:34 | 000,362,298 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 16:13:05 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\.gtk-bookmarks
[2010/06/21 17:34:47 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AutoGK.ini
[2009/09/30 09:05:51 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\All Users\Shortcut to Start Menu.lnk
[2009/06/11 15:04:13 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/06/03 17:35:57 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 16:43:43 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\setup_ldm.iss
[2009/06/03 15:31:47 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/30 20:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/01/06 19:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2013/11/29 13:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/12/31 19:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2013/10/20 11:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2006/09/20 19:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/06/11 15:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/12/11 11:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2013/10/17 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/01/08 13:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/06/03 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagull
[2013/10/17 08:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SummerSoft
[2009/06/03 15:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/05/29 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/22 09:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/06 19:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ACT
[2009/06/09 14:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Autodesk
[2013/10/20 11:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Bitdefender
[2010/01/19 12:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Blender Foundation
[2010/11/30 09:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Canneverbe Limited
[2010/01/08 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\com.adobe.ExMan
[2009/12/21 09:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DassaultSystemes
[2009/06/11 15:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DonationCoder
[2014/05/03 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox
[2009/12/21 11:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EDrawings
[2010/06/29 08:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Emerge Desktop
[2011/09/13 20:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EurekaLog
[2010/09/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FileZilla
[2013/08/16 11:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Free Download Manager
[2014/01/07 09:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GlarySoft
[2012/09/26 09:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\gtk-2.0
[2010/09/02 15:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HamsterSoft
[2014/02/17 09:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HandBrake
[2010/03/26 17:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\IcoFX
[2011/02/23 13:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
[2009/08/19 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Inkscape
[2011/01/06 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\IsolatedStorage
[2010/11/30 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\KeePass
[2010/03/17 13:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\KompoZer
[2009/06/03 16:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2010/09/03 12:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MPEG Streamclip
[2009/10/30 14:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2012/12/31 19:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\QuickScan
[2014/05/03 09:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sylpheed
[2012/11/08 14:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TagJet
[2009/06/12 12:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TrueCrypt
[2009/07/07 08:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2012/07/02 16:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\XYplorer
[2012/12/31 19:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2010/07/19 13:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Thunderbird

========== Purity Check ==========



< End of report >

After the above, I sent an email to an other email address of mine, on an other computer, and 1/2 hour later it has not arrived yet... Normal?

Your OTL log looks fine. You may want to try uninstalling Sylpheed and then try reinstalling it

http://www.majorgeeks.com/files/details/sylpheed.html

Great, thank you very much Ken!!

I'll reinstall Sylpheed. Thanks for the link, I thought S. was abandoned long ago but here it is, with nice review!

Can I ask you something else? Two other computers in this building (same router) had a very weird virus or something about a week ago: Opening Thunderbird in both of them would open multiple blank, back windows in Firefox with post.kareeza.com... long url beyond that... I ran the AV which found nothing, but this kept on happening, and the next day no more. I googled post.karessa.com + thunderbird and found one post on a forum saying the same thing was happening to him/her on that same day, and no other link... Weird? Something to worry about?

That sounds like its some sort of sex site the computers are being redirected to, try resetting the router, I know its a pain but it may be needed. There is a reset button on some, on some its a small reset hole that you can put in a paper clip or the tip of a ball point pen, most you hold in for 10 or more seconds and this will reset your router back to company defaults, then you will have to begin the task of setting it back up, if you need help with this let me know I can link you to a forum that we work closely with that help you through this process

Sylpheed works perfectly now, thanks again. Your forum's incredible help is a big deal!

Our router was supplied by Verizon. Pw was never changed, but pretty safe-seeming. Should it be changed after resetting? I suppose the forum you are talking about will help better with setting it up the most secure way possible? So yes please let me know how to contact them.

Thanks,
Bernard

Thats nice to hear Bernard, glad things are back to normal.

Lets run this quick fix using OTL that will flush out all the temp files and other not needed garbage and also reset your windows hosts file that may have been part of the problem


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces



You can go here and create an account, like Safer its free
www.WhattheTech.com

Once your registered then post in the Networking forum and they can help you set it up securely
http://forums.whatthetech.com/index.php?showforum=128

Its also a good idea maybe once a month to turn off your cable modem and router for about 5 minutes, with all the surfing around they sometimes get clogged up and this wont reset them but will let them flush out all the old info



So lets see how the fix went and if all ok you can go register at Whatthetech

Hi Ken, here's the latest:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Compaq_Administrator
->Java cache emptied: 0 bytes

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: test

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 281176 bytes
->FireFox cache emptied: 3444651 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 368137700 bytes
->Temporary Internet Files folder emptied: 116707052 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 157329777 bytes
->Google Chrome cache emptied: 29368401 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 614 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 585642 bytes
->Temporary Internet Files folder emptied: 66151 bytes
->Flash cache emptied: 41178 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: test
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 25902 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 276192568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 26340100 bytes

Total Files Cleaned = 933.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05062014_100149

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\~bd957.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Good, how are things, email ok or still problems ? Any redirects in your browsers ?

Yep, emails are working fine now. Browser redirect lasted only one day, a couple of weeks ago. (and it was in two other computers, i.e. not this one with email problem)

Hello Bernard,

It wouldn't hurt to post at WTT and let them help you reset your router/modem, it will just guarantee that everything is up to snuff. You can link them to this thread if you like so they can see what we have done. Post back when you can and let me know how it went


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.

Hello, here is my post and reply in WTT, not sure what to make of it...

http://forums.whatthetech.com/index.php?showtopic=128135#entry847876

Hello Bernard,

In the beginning of this thread you never mentioned that other computers were involved , its only after we cleaned this one and you said that two other computers where getting redirects thats why I suggested resetting the router so 8210GUY is correct in that respect. I know in companies that have a lot of computers on the same network, if one gets infected its pulled offline so as not to infect the other ones. How are those other computers behaving, any redirects or anything funny going on with them.

Hi Ken,

yes, I should have mentioned other problem with other 2 computers in same network, but that happened for one day only, about 2 weeks ago* and it was a different problem, no idea of course if related. I just forgot to mention it at the beginning.

There is a total of 6 computers in this network, plus the usual tablets and phones... Only problems we have noticed are those above. (Wait: an iPad's owner says Facebook and Etsy required logging in for one day only a couple days ago, if that's anything?..)

Thank you!
Bernard

* I googled it and found just one result: a post with exact same problem as mine, on same day
https://support.mozilla.org/en-US/questions/996457

Is this a company computer or a home network ? Are there any problems presently with any of other computers ?

Home and home office computers sharing same network. None have a problem right now.

OK, good, lets leave this thread open for a few days to make sure nothing returns. I think you mentioned that the router was from Verizon, you may want to call them and have them come out, tell them what happened and that you would like a tech to come out to reset it and change the password. If anything comes back on any of the computers than you need to shut that computer down and do not go online with it

I wanted to add that it would be a good idea to have those two computers that had the redirects checked, what you would want to do is start a new topic and name it Second Computer and post the DDS and aswMBR logs, we can only do one computer per thread at a time or believe me its gets very confusing, when where done with Number 2 than you can post for number 3

Bernard,

Check your post at WTT, 8210GUY posted a link for resetting your Verizon router

Hi Ken, here is the new post
http://forums.spybot.info/showthread.php?70537-Second-computer

No rush!

Bernard

Got it

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.






Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken