WiredWX Christian Hobby Weather Tools

Re: email was sent to all in my outlook address book with link to trojan

Hitman Pro

Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please



Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.

  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.



Lastly, open up OTL, press Quick Scan, and post a new log, please.

Re: email was sent to all in my outlook address book with link to trojan

Code:


HitmanPro 3.7.0.185
www.hitmanpro.com

  Computer name . . . . : QUADCORE
  Windows . . . . . . . : 5.1.3.2600.X86/4
  User name . . . . . . : QUADCORE\Owner
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-01-10 10:54:37
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 7m 57s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 50

  Objects scanned . . . : 1,086,394
  Files scanned . . . . : 55,711
  Remnants scanned  . . : 261,352 files / 769,331 keys

Suspicious files ____________________________________________________________

  C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
      Size . . . . . . . : 524,288 bytes
      Age  . . . . . . . : 1103.5 days (2010-01-02 23:17:29)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F5DFA66D479F82324C9014FA21A531F35EC8F5093C0FE627DCF7A0386F8C4C9C
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 26.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.


Cookies _____________________________________________________________________




Re: email was sent to all in my outlook address book with link to trojan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 01/10/2013 at 11:09:53.04
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-823518204-2049760794-725345543-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\sbvr156n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\4nffxtbr@conservativetalknow_4n.com
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\sbvr156n.default\prefs.js

user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics");
user_pref("extentions.y2layers.installId", "31993aac-2d4a-43b1-af9e-f606a2a9db47");
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\sbvr156n.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/10/2013 at 11:14:38.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: email was sent to all in my outlook address book with link to trojan

OTL logfile created on: 1/10/2013 11:41:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.73% Memory free
4.84 Gb Paging File | 4.16 Gb Available in Paging File | 86.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 132.08 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 18:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/09/12 09:44:03 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/09 04:34:28 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/17 10:55:47 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/17 17:07:03 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/27 08:20:36 | 001,013,696 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2012/03/27 08:20:14 | 000,350,144 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/12/12 10:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2006/09/21 15:34:56 | 000,495,616 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe
PRC - [2005/11/04 17:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 08:19:30 | 002,043,392 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13011000\algo.dll
MOD - [2013/01/10 03:16:48 | 000,316,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Bluebeam.Registrati#\f4c5dad00f8ffb50d1df217b12f002bd\Bluebeam.Registration.ni.dll
MOD - [2013/01/10 03:16:48 | 000,165,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Bluebeam.Utilities\396b4fd838997d8a88eac8ef8f78f765\Bluebeam.Utilities.ni.dll
MOD - [2013/01/10 03:15:04 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:14:53 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 03:13:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 03:13:31 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 16:13:39 | 002,043,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010901\algo.dll
MOD - [2012/05/17 17:07:03 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2009/04/01 11:53:42 | 000,099,328 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
MOD - [2008/03/31 12:33:15 | 000,335,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Bluebeam.Brewery\1.0.2455.27691__0c673d50796bb708\Bluebeam.Brewery.dll
MOD - [2005/11/02 09:54:48 | 002,945,024 | R--- | M] () -- C:\WINDOWS\system32\BGP851c.dll
MOD - [2005/06/07 08:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\020653~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0206531322785919mcinstcleanup)
SRV - [2013/01/10 10:44:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 20:41:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 09:44:03 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/27 08:20:36 | 001,013,696 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/30 02:31:50 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/02/02 01:33:18 | 000,317,440 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/04/03 14:46:03 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/04/30 10:04:00 | 000,331,776 | ---- | M] (Cyber Power System Inc.) [Disabled | Stopped] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/07/15 13:42:00 | 000,081,920 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2010/06/30 02:32:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 02:31:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/05 21:24:34 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/10/15 10:05:54 | 000,016,000 | ---- | M] (SysNucleus) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\udsstub.sys -- (udsstub)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/03/27 18:31:44 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/05/10 12:33:58 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/04/12 14:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/03/15 17:12:04 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/14 03:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/01/16 14:46:08 | 000,050,576 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppadt40.sys -- (dot4)
DRV - [2001/01/16 14:44:36 | 000,017,872 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppausb0.sys -- (dot4usb)
DRV - [2001/01/16 13:43:34 | 000,015,792 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaprt0.sys -- (Dot4Print)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/yme/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.att.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 33 21 52 7D 5C CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=TB50TRie7
IE - HKCU\..\SearchScopes\{20A635E7-1E4F-417A-B13A-1B78A45710AC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8eb
IE - HKCU\..\SearchScopes\{34D2BA0D-EE4A-41E8-B176-CB5CD0638CFC}: "URL" = http://www.att.net/s/s.dll?spage=search%2Fwebresults.htm&advanced=1&vl={searchTerms}&vlsel=1&vp=&vpsel=1&vy=&vysel=1&ve=&vesel=any&region=&lang=&format=&domain=&safe=&numresults=10&submit2=Search+Yahoo
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
IE - HKCU\..\SearchScopes\{944AEDFC-8760-4A01-9723-211C8713BA76}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={selection}
IE - HKCU\..\SearchScopes\{AAA76455-D8B2-4C81-B98E-0827CE8052ED}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Owner\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2012/11/08 16:10:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/07/20 12:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 09:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/11 16:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/08/17 10:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/21 20:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 11:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/11 16:44:33 | 000,000,000 | ---D | M]

[2009/01/12 17:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/10 11:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions
[2011/06/19 10:21:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/17 16:21:18 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2009/01/12 17:13:58 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\aim-search.xml
[2008/06/15 20:04:54 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\searchplugins\siteadvisor.xml
[2012/02/06 14:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SBVR156N.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012/12/21 20:41:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/12/21 20:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/21 20:41:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Consona SmartIssue Plugin (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsi.dll
CHR - plugin: Consona Script Runner Plugin for Firefox (Enabled) = C:\Program Files\Common Files\supportsoft\bin\nptgctlsr.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2013/01/08 22:13:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylabbill.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: remititonline.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} https://content.ilinc.com/clientdownload/download/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www1.snapfish.com/SnapfishOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.evite.com/html/imageUpload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://telluridemountainproperties-east.viewnetcam.com:50000/SysCamInst.cab (AudioClient Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://redvector.webex.com/client/T27LB/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60DCFF1-1651-438B-B98E-C6DF61103019}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 17:04:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/10 11:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/10 11:09:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/10 11:09:16 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\My Documents\JRT.exe
[2013/01/10 10:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/10 10:52:51 | 008,939,896 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\My Documents\HitmanPro.exe
[2013/01/08 22:00:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/08 22:00:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/08 22:00:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/08 22:00:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/08 21:56:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/08 21:55:07 | 005,019,950 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2013/01/08 18:26:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2012/12/21 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/12/21 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/19 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/19 12:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/19 12:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/19 12:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/01/10 11:39:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 11:33:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/10 11:32:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
[2013/01/10 11:09:17 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Owner\My Documents\JRT.exe
[2013/01/10 10:52:51 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\My Documents\HitmanPro.exe
[2013/01/10 10:43:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/10 05:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 03:31:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/10 03:29:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/10 03:29:38 | 3220,426,752 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 03:28:48 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/10 03:28:48 | 000,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/10 03:28:48 | 000,054,724 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2013/01/10 03:28:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/01/10 03:28:48 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013/01/10 03:13:00 | 000,475,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 03:13:00 | 000,077,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 01:41:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/09 13:27:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/01/08 22:13:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/08 21:55:39 | 005,019,950 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2013/01/08 19:24:24 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\adwcleaner.exe
[2013/01/08 18:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.com
[2013/01/05 13:46:18 | 004,596,321 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BAR800A.pdf
[2013/01/04 14:25:00 | 005,109,775 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\GunControl.wmv
[2013/01/03 15:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/30 11:29:27 | 001,781,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\516-Patrol-16-sell[1].pdf
[2012/12/22 03:24:17 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/22 03:23:53 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2012/12/22 03:17:34 | 000,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/22 03:01:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/21 23:29:19 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2012/12/21 23:29:19 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\A18EBC
[2012/12/19 12:03:01 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/12/12 13:41:29 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/01/08 22:00:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/08 22:00:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/08 22:00:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/08 22:00:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/08 22:00:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/08 19:24:06 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\adwcleaner.exe
[2013/01/05 13:46:18 | 004,596,321 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BAR800A.pdf
[2013/01/04 14:25:00 | 005,109,775 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\GunControl.wmv
[2012/12/30 11:29:27 | 001,781,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\516-Patrol-16-sell[1].pdf
[2012/12/19 12:03:01 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/11 11:34:00 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/07/06 12:28:54 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Owner\secsetup.sdb
[2012/04/11 16:38:41 | 000,237,732 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2012/04/11 16:38:41 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2012/03/19 09:14:17 | 002,515,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-2049760794-725345543-1003-0.dat
[2012/03/19 09:14:16 | 000,260,090 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/09 14:35:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 23:19:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 15:21:41 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/12/12 15:21:41 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/11/27 17:42:41 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18iMfb.dat
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\1w15mg3p30e624
[2011/11/27 10:35:10 | 000,015,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1w15mg3p30e624
[2011/07/15 14:00:07 | 000,077,349 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2011/06/30 15:32:37 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/06/14 11:55:59 | 000,237,689 | ---- | C] () -- C:\WINDOWS\hpwins20.dat.temp
[2011/06/14 11:55:58 | 000,001,678 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat.temp
[2011/04/02 11:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/08/26 16:56:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\LOG
[2008/03/27 11:12:15 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 14:01:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/03/25 16:09:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/19 12:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/10/08 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/02/19 14:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/04/25 11:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/07/16 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2012/08/29 13:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/12/12 15:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/05/09 14:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/03/31 12:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/07/07 11:06:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/03/26 09:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eagle Point Software
[2013/01/10 11:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/12/12 16:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2012/01/07 15:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/03/28 09:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/07/20 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2012/01/05 20:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/03/21 09:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/08 11:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/10 17:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/25 07:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/08 10:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2012/03/29 22:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/04/25 11:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AT&T
[2009/06/28 09:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ATTToolbar
[2008/09/03 13:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2009/03/30 11:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AutoSync for Yahoo
[2008/05/09 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2010/04/08 12:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/09/19 19:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2013/01/10 03:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2012/07/10 08:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2010/01/06 09:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2010/04/12 19:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2011/01/27 16:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2009/05/12 12:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GoodSync
[2008/03/31 10:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/18 10:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyPublisher
[2011/12/12 15:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OnlineArmor
[2009/03/30 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PushSyncData
[2008/05/08 16:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2012/06/18 10:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2008/04/22 08:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/01/04 12:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/10/21 12:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex

========== Purity Check ==========



< End of report >
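The "ZeroAccess Check" section of the report above can be read mechanically. This added example is not part of OTL or of the original posts: it parses that section and flags any per-user (HKCU) InProcServer32 key that carries a default value, and any HKLM default value that differs from the one recorded in this log. Using this log's own HKLM values as the baseline, and the second input with its `C:\EXAMPLE\...` paths, are assumptions constructed for illustration.

```python
import re

# Baseline copied from the HKLM entries in the log above (Windows XP SP3);
# lower-cased because the log mixes %SystemRoot% and %systemroot%.
EXPECTED = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": r"%systemroot%\system32\shdocvw.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": r"%systemroot%\system32\wbem\fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": r"%systemroot%\system32\wbem\wbemess.dll",
}

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<rest>.*)$')

# Section as it appears in the log above.
CLEAN_SECTION = r'''
========== ZeroAccess Check ==========

[2008/03/25 16:09:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
'''

# Constructed input (not from the thread): one populated HKCU key, one changed HKLM path.
CONSTRUCTED_HIJACK = r'''
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\EXAMPLE\constructed-a.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\EXAMPLE\constructed-b.dll
'''


def parse_zeroaccess_section(log_text):
    """Return {(hive, clsid): {value_name: data}} for the ZeroAccess Check section only."""
    entries, in_section, current = {}, False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "ZeroAccess Check" in line
            current = None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2).lower())
            entries[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # Drop the " -- [date | size | attrs] (vendor)" suffix the log appends.
            data = value.group("rest").split(" -- ", 1)[0].strip()
            entries[current][value.group("name")] = data
    return entries


def review_entries(entries):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for (hive, clsid), values in sorted(entries.items()):
        default = values.get("")
        if hive == "HKEY_CURRENT_USER":
            # A per-user class registration takes precedence over the HKLM one.
            if default:
                findings.append(f"{hive} {clsid}: per-user InProcServer32 set to {default}")
        elif default is None:
            findings.append(f"{hive} {clsid}: no default value")
        elif clsid not in EXPECTED:
            findings.append(f"{hive} {clsid}: no baseline for {default}")
        elif default.lower() != EXPECTED[clsid]:
            findings.append(f"{hive} {clsid}: {default} (baseline {EXPECTED[clsid]})")
    return findings


if __name__ == "__main__":
    for name, text in (("log above", CLEAN_SECTION), ("constructed", CONSTRUCTED_HIJACK)):
        print(name, review_entries(parse_zeroaccess_section(text)) or "nothing flagged")
```
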

Re: email was sent to all in my outlook address book with link to trojan
RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

[Image: RGKRScan]


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

[Image: RGKRDelete]


  • The report has been created on the desktop.


  • Next click on the ShortcutsFix

    [Image: RGKRShortcutsFix]
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

[Image: AswMBR_Scan]
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

Re: email was sent to all in my outlook address book with link to trojan
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/10/2013 14:09:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3320620AS +++++
--- User ---
[MBR] 395d70269dadadd221e28d7939d83921
[BSP] 045dd44fdfd467491548e0a30753e2cc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01102013_02d1409.txt >>
RKreport[1]_S_01102013_02d1409.txt

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/10/2013 14:10:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3320620AS +++++
--- User ---
[MBR] 395d70269dadadd221e28d7939d83921
[BSP] 045dd44fdfd467491548e0a30753e2cc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01102013_02d1410.txt >>
RKreport[1]_S_01102013_02d1409.txt ; RKreport[2]_D_01102013_02d1410.txt

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/10/2013 14:13:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 785 / Fail 0
My documents: Success 1498 / Fail 1498
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 121 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_01102013_02d1413.txt >>
RKreport[1]_S_01102013_02d1409.txt ; RKreport[2]_D_01102013_02d1410.txt ; RKreport[3]_SC_01102013_02d1413.txt







Re: email was sent to all in my outlook address book with link to trojan
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 14:18:04
-----------------------------
14:18:04.375 OS Version: Windows 5.1.2600 Service Pack 3
14:18:04.375 Number of processors: 4 586 0xF0B
14:18:04.375 ComputerName: QUADCORE UserName: Owner
14:18:05.218 Initialize success
14:18:05.281 AVAST engine defs: 13011000
14:18:16.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
14:18:16.000 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
14:18:16.000 Disk 0 MBR read successfully
14:18:16.000 Disk 0 MBR scan
14:18:16.000 Disk 0 Windows XP default MBR code
14:18:16.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
14:18:16.015 Disk 0 scanning sectors +625121280
14:18:16.078 Disk 0 scanning C:\WINDOWS\system32\drivers
14:18:21.109 Service scanning
14:18:31.562 Modules scanning
14:18:36.609 AVAST engine scan C:\WINDOWS
14:18:51.906 AVAST engine scan C:\WINDOWS\system32
14:20:58.562 AVAST engine scan C:\WINDOWS\system32\drivers
14:21:13.359 AVAST engine scan C:\Documents and Settings\Owner
14:22:51.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
14:22:51.000 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Re: email was sent to all in my outlook address book with link to trojan
I'm having trouble attaching the MBR.dat renamed to MBRscan.txt file. I get a message "invalid file". I will keep trying to upload the file.

Re: email was sent to all in my outlook address book with link to trojan
I ran aswmbr a second time and this time I made sure it had finished. Below is the correct log file.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 16:43:36
-----------------------------
16:43:36.296 OS Version: Windows 5.1.2600 Service Pack 3
16:43:36.296 Number of processors: 4 586 0xF0B
16:43:36.296 ComputerName: QUADCORE UserName: Owner
16:43:37.062 Initialize success
16:43:37.125 AVAST engine defs: 13011000
16:45:06.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
16:45:06.921 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
16:45:06.937 Disk 0 MBR read successfully
16:45:06.937 Disk 0 MBR scan
16:45:06.953 Disk 0 Windows XP default MBR code
16:45:06.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
16:45:06.968 Disk 0 scanning sectors +625121280
16:45:07.078 Disk 0 scanning C:\WINDOWS\system32\drivers
16:45:19.187 Service scanning
16:45:29.671 Modules scanning
16:45:45.453 AVAST engine scan C:\WINDOWS
16:46:15.375 AVAST engine scan C:\WINDOWS\system32
16:50:12.046 AVAST engine scan C:\WINDOWS\system32\drivers
16:50:46.859 AVAST engine scan C:\Documents and Settings\Owner
17:27:45.687 AVAST engine scan C:\Documents and Settings\All Users
17:40:46.218 Scan finished successfully
18:19:12.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:19:12.656 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Re: email was sent to all in my outlook address book with link to trojan
I'm still unable to upload the MBRscan.txt file. Message "uploaded file is not valid". Any ideas??

Re: email was sent to all in my outlook address book with link to trojan
ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

Re: email was sent to all in my outlook address book with link to trojan
C:\Documents and Settings\Owner\Desktop\LG_DVD_Writer_Solution_Power_DVD__PowerProducer__Nero_Express_Aruzeo.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-823518204-2049760794-725345543-1003\Dc1.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP167\A0023694.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP167\A0023698.exe Win32/Adware.1ClickDownload.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP167\A0023702.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017516.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017518.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017519.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\System Volume Information\_restore{003D319C-A633-4A19-8314-D4BB8FF8A122}\RP94\A0017520.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Other issues:
My IE explorer has been real slow compared to other browsers like chrome.
A lot of times a browser window would fail to open on the first try. Also I still cannot use my usb HP printer. The printer works fine with my wireless notebook, however. Also I was never able to resolve the problem with my dvd player. It works only with music video dvds but will not work with installation cd's or music cd's (see my prior issues). I think that is it. Thanks for all your help. You have really been prompt in replying.

Re: email was sent to all in my outlook address book with link to trojan
CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).


Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.


Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

[Image: P22001645]



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

[Image: P22001646]


Go to Step 4 and under "System Restore" click on Create button:

[Image: P22001644]


Go to Start Repairs tab and click Start button.

[Image: P22001166]


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

[Image: P22001647]

Click on box next to the Restart System when Finished. Then click on Start.


Let me know if problems resolve.

Re: email was sent to all in my outlook address book with link to trojan
I'm unable to complete step 3. When I put my windows xp cd in my dvd player it prompts that I inserted the wrong cd. I guess since my dvd player has not been working properly it is not reading the cd. I'm sure it is the right cd. What should I try next??

Re: email was sent to all in my outlook address book with link to trojan
Please Go to Start and then to Run
Type in Chkdsk /r << Please Note the space between k and /
Hit Enter ...It will ask if you want to do this on the next reboot...please press Y

Please make sure it reboots. On reboot the system will start the Check Disk operation.

Note... there are 5 stages...
It may appear to hang at a certain percent, but this is normal.
Please allow it to run and finish.
When completed it will boot the system back into Windows.

Please let me know if this fixes the problem, or if it does not function.

If this did not work, please try again in Safe Mode the following: CHKDSK. << No parameters like earlier.


Go Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have Windows CD....

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Re: email was sent to all in my outlook address book with link to trojan
I'm a little confused with your last instructions. I ran the 5 stages of Chkdsk. I then tried to run step 3 of Windows Repair and got the same message when asked to insert my windows cd. Should I try to run sfc /scannow next or go to the regedit run next?

Re: email was sent to all in my outlook address book with link to trojan
BTW it took about 3 hours to run the 5 stages of Chkdsk (for what it's worth).

Re: email was sent to all in my outlook address book with link to trojan
1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86 -....iso.zip file.
3. Inside, you'll find memtest86 -....iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:

[Image: P4393897]

8. Locate memtest86 -....iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:

[Image: P4393911]

10. Once the CD is created, boot from it, and memtest will automatically start to run.

The running program will look something like this depending on the size and number of ram modules installed:

[Image: Main_menu]

It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

[Image: Testarea_cu]

The following image is the test results area:

[Image: P4393925]

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

Re: email was sent to all in my outlook address book with link to trojan
I ran 6 passes with no errors. The dvd player was able to write and perform as a boot drive. Not sure what this tells me except my RAM is ok.
Internet Explorer has been much faster so that problem seems to be addressed. What next?

Re: email was sent to all in my outlook address book with link to trojan
All the diagnostic reports came back okay...so no hardware issues.

Might be doing this again:

avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

[Image: AswMBR_Scan]
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

Re: email was sent to all in my outlook address book with link to trojan
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-15 15:35:11
-----------------------------
15:35:11.375 OS Version: Windows 5.1.2600 Service Pack 3
15:35:11.375 Number of processors: 4 586 0xF0B
15:35:11.375 ComputerName: QUADCORE UserName: Owner
15:35:12.812 Initialize success
15:35:12.906 AVAST engine defs: 13011501
15:36:35.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
15:36:35.921 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
15:36:35.937 Disk 0 MBR read successfully
15:36:35.937 Disk 0 MBR scan
15:36:35.937 Disk 0 Windows XP default MBR code
15:36:35.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
15:36:35.937 Disk 0 scanning sectors +625121280
15:36:35.984 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:41.687 Service scanning
15:36:52.015 Modules scanning
15:36:57.046 AVAST engine scan C:\WINDOWS
15:37:03.968 AVAST engine scan C:\WINDOWS\system32
15:39:08.625 AVAST engine scan C:\WINDOWS\system32\drivers
15:39:23.015 AVAST engine scan C:\Documents and Settings\Owner
16:06:26.453 AVAST engine scan C:\Documents and Settings\All Users
16:18:23.687 Scan finished successfully
16:27:30.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
16:27:30.765 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"


Re: email was sent to all in my outlook address book with link to trojan
I'm still unable to upload the MBRscan.txt file. Message "uploaded file is not valid".

Re: email was sent to all in my outlook address book with link to trojan
Go to Start > right-click on My Computer and select Manage.

Press the Device Manager tab on the left. Look for any yellow exclamation marks and post it in your next reply.

Re: email was sent to all in my outlook address book with link to trojan
No yellow exclamation marks were shown on the device mgr. tab.

Re: email was sent to all in my outlook address book with link to trojan
We need to check out your devices. Please download DevDiag, and save it to your Desktop:
Direct Download

  • If you are using Vista or Windows 7, please right-click DevDiag.exe and select Run As Administrator. Otherwise, simply double-click the program to run it.
  • At the options screen, please type 2 and hit Enter.
  • The tool will take a few moments to scan. When finished, a report should pop-up, also available on your Desktop (DevDiag.txt).
  • Please do not copy/paste the report into your next reply. Instead, Attach it by clicking Add Reply, and scrolling down to the Attachments section.

Re: email was sent to all in my outlook address book with link to trojan
Still unable to attach a file. I go to Post Reply, attach file, browse for the file and "submit Query". I still get error message "Uploaded file is invalid".

DevDiag by jpshortstuff (10.08.09)
Log created at 21:32 on 15/01/2013 (Owner)

========== Problematic Devices =========

(No problematic devices found)

========== Device List =========

[*] = Hidden
[!] = Problem (listed above)
[-] = Not present

--Battery--
CyberPower Battery Backup

--CDROM--
CD-ROM Drive

--Computer--
ACPI Multiprocessor PC

--DiskDrive--
Disk drive

--Display--
NVIDIA GeForce 8800 GT

--hdc--
Intel(R) ICH8 2 port Serial ATA Storage Controller - 2825
Intel(R) ICH8 4 port Serial ATA Storage Controller - 2820
Primary IDE Channel (2)
Secondary IDE Channel (2)

--HIDClass--
USB Human Interface Device

--Keyboard--
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

--LegacyDriver--
AFD
aswRdr
avast! Asynchronous Virus Monitor
avast! Network Shield Support
avast! Self Protection
Beep
catchme
Creative 20X HAL Driver
Creative AC3 Software Decoder
Creative DVD-Audio Device Driver
Creative OS Services Driver
Creative Proxy Driver
Creative SoundFont Management Device Driver
dmboot
dmload
E-mu Plug-in Architecture Driver
Fips
Generic Packet Classifier
HTTP
IP Network Address Translator
IP Traffic Filter Driver
IPSEC driver
ksecdd
Link-Layer Topology Discovery Responder
MCSTRM
mnmdd
mountmgr
MRENDIS5 NDIS Protocol Driver
MRESP50 NDIS Protocol Driver
NDIS System Driver
NDIS Usermode I/O Protocol
NDProxy
NetBios over Tcpip
Null
OAmon
OAnet
Online Armor helper driver
PartMgr
ParVdm
RDPCDD
Remote Access Auto Connection Driver
Remote Access IP ARP Driver
Remote Access NDIS TAPI Driver
Secdrv
TCP/IP Protocol Driver
VgaSave
VolSnap
Windows Driver Foundation - User-mode Driver Framework Platform Driver
Windows Socket 2.0 Non-IFS Service Provider Support Environment

--MEDIA--
[*]Microsoft Kernel System Audio Device
[*]Microsoft Kernel Wave Audio Mixer
[*]Microsoft WINMM WDM Audio Compatibility Driver
Audio Codecs
Creative X-Fi Audio Processor (WDM)
Legacy Audio Drivers
Legacy Video Capture Devices
Media Control Devices
Realtek High Definition Audio
Video Codecs

--Monitor--
SyncMaster P2250/P2250G(Digital)

--Mouse--
Microsoft PS/2 Mouse

--MultiFunction--
PCI Multi-IO Controller
[-]Officejet J4680 series

--Net--
[*]Direct Parallel
[*]WAN Miniport (IP)
[*]WAN Miniport (L2TP)
[*]WAN Miniport (PPPOE)
[*]WAN Miniport (PPTP)
Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller

--Ports--
Communications Port
ECP Printer Port
PCI Parallel Port

--Printer--
HP LaserJet 4V

--Processor--
Intel Processor (4)

--SCSIAdapter--
JMicron JMB36X Controller

--System--
[*]ACPI Power Button
[*]Logical Disk Manager
[*]Printer Port Logical Interface (2)
[*]Terminal Server Keyboard Driver
[*]Terminal Server Mouse Driver
[*]Volume Manager
ACPI Fixed Feature Button
ATK0110 ACPI UTILITY
Intel(R) 82801 PCI Bridge - 244E
Intel(R) ICH8 Family PCI Express Root Port 1 - 283F
Intel(R) ICH8 Family PCI Express Root Port 3 - 2843
Intel(R) ICH8 Family PCI Express Root Port 4 - 2845
Intel(R) ICH8/ICH8R Family LPC Interface Controller - 2810
Intel(R) P965/G965 PCI Express Root Port - 29A1
Intel(R) P965/G965 Processor to I/O Controller - 29A0
ISAPNP Read Data Port
Microcode Update Device
Microsoft ACPI-Compliant System
Microsoft Composite Battery
Microsoft System Management BIOS Driver
Microsoft UAA Bus Driver for High Definition Audio
PCI bus
Plug and Play Software Device Enumerator
System CMOS/real time clock
Terminal Server Device Redirector
[-]Direct memory access controller
[-]Intel(R) ICH8 Family SMBus Controller - 283E
[-]Motherboard resources (4)
[-]Numeric data processor
[-]Programmable interrupt controller
[-]System board (2)
[-]System speaker
[-]System timer

--USB--
Intel(R) ICH8 Family USB Universal Host Controller - 2830
Intel(R) ICH8 Family USB Universal Host Controller - 2831
Intel(R) ICH8 Family USB Universal Host Controller - 2832
Intel(R) ICH8 Family USB Universal Host Controller - 2834
Intel(R) ICH8 Family USB Universal Host Controller - 2835
Intel(R) ICH8 Family USB2 Enhanced Host Controller - 2836
Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A
USB Root Hub (7)

--USBSTUBDRIVER--
USBDeviceShare USB Device Stub (2)

--Volume--
[*]Generic volume

-=E.O.F=-

Re: email was sent to all in my outlook address book with link to trojan

What other issues? We may have resolved as much as we could...

Re: email was sent to all in my outlook address book with link to trojan

I just updated my Avast free anti-virus software and now none of my browsers or my email will work unless I disable Avast. I went to the Avast support site but did not find a fix for this problem. Any ideas??

Re: email was sent to all in my outlook address book with link to trojan

I guess I'm good for now. Should I clean up and uninstall all the scanning programs?

Re: email was sent to all in my outlook address book with link to trojan

Bump

Re: email was sent to all in my outlook address book with link to trojan

Bump
