trojan agent/gen-fraud pak, adware couponbar, etc

Started by Ghost, August 03, 2013, 04:22:23 PM


Ghost

hi Corrine;-)
Tried DDS but same results. I did notice that when the desktop freezes while running the DDS scan, the clock freezes also.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3cae40a7870ef647ae424fff177c1ec7
# engine=14647
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-05 02:50:40
# local_time=2013-08-04 02:50:40 (-1200, Dateline Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 95 0 0 0 0
# scanned=54310
# found=11
# cleaned=0
# scan_time=2765
sh=1F85D6447D7D113B0D4D259ED45F3C39649478DD ft=1 fh=debd42e79b084b82 vn="a variant of Win32/InstallIQ.A application" ac=I fn="C:\Documents and Settings\User\Desktop\musicoasis_d1595896.exe"
sh=284DFF1D2DF5132EAB9259CEF8A3E022E52797AC ft=1 fh=d830c3789814f636 vn="a variant of Win32/InstallBrain application" ac=I fn="C:\Documents and Settings\User\My Documents\Downloads\PCPerformer_GN.exe"
sh=651BAA6C4C2163043551FA266F26EAE6343BD04C ft=1 fh=711b8935a45b6bfc vn="Win32/SoftonicDownloader.C application" ac=I fn="C:\Documents and Settings\User\My Documents\Downloads\SoftonicDownloader_for_atf-cleaner.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A application" ac=I fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vdatact.dll"
sh=53F3044159FFCF82C746898941DBE3DC2AC9A24C ft=1 fh=09fa8c8598e549f8 vn="probably a variant of Win32/Toolbar.MyWebSearch.B application" ac=I fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vhtmlmu.dll"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="probably a variant of Win32/Toolbar.MyWebSearch.P application" ac=I fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vieovr.dll"
sh=E2D44843150192CEE5580CAA0A05BB015271B7CD ft=1 fh=8293caf33be135a7 vn="probably a variant of Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vPlugin.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P application" ac=I fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vskin.dll"
sh=1967506783A2EFD10777FBCA0DA4DA6D4EBE1D5B ft=1 fh=2f1744e0249338c5 vn="probably a variant of Win32/Toolbar.MyWebSearch.F application" ac=I fn="C:\Program Files\DailyBibleGuide\bar\1.bin\T8HTML.DLL"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="probably a variant of Win32/Toolbar.MyWebSearch.B application" ac=I fn="${Memory}"

thanks,
Ghost

Corrine

Hi, Ghost.

Apologies for so many questions!

Does the system clock freeze when performing any other activities? 
Does it happen in both Normal and in Safe Mode? 
When DDS or OTL stop, what is explorer.exe showing in Task Manager?
Is the clock otherwise keeping the correct time? 
Do you know if the CMOS battery has ever been replaced?

Below are the files detected by ESET.  Both Music Oasis are indicated in WOT as having a bad reputation.  If either program is installed on the computer, please uninstall them.  The DailyBibleGuide toolbar is a product of "MyWebSearch" and considered adware.  If there is an entry in add/remove programs, please uninstall it.  Then rescan with ESET and change the option "Remove found threats" to checked.

C:\Documents and Settings\User\Desktop\musicoasis_d1595896.exe
C:\Documents and Settings\User\My Documents\Downloads\PCPerformer_GN.exe
C:\Documents and Settings\User\My Documents\Downloads\SoftonicDownloader_for_atf-cleaner.exe
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe
C:\Program Files\DailyBibleGuide\bar\1.bin\2vdatact.dll
C:\Program Files\DailyBibleGuide\bar\1.bin\2vhtmlmu.dll
C:\Program Files\DailyBibleGuide\bar\1.bin\2vieovr.dll
C:\Program Files\DailyBibleGuide\bar\1.bin\2vPlugin.dll
C:\Program Files\DailyBibleGuide\bar\1.bin\2vskin.dll
C:\Program Files\DailyBibleGuide\bar\1.bin\T8HTML.DLL



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
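An added example (not from this thread, and not ESET's own code): a small Python parser for the ESET Online Scanner log format pasted above. It separates the `# key=value` header from the per-file `sh=... vn="..." ac=... fn="..."` lines, flags hits that were only reported (ac=I, i.e. "Remove found threats" unchecked), cross-checks the found/cleaned counters, and compares a report-only scan with the follow-up cleanup scan. The sample logs are constructed for this example; the hashes and paths are placeholders.

```python
"""Parser and triage helper for ESET Online Scanner logs like the ones in this
thread. Each log is a '# key=value' header followed by one detection per line:
    sh=<sha1> ft=<type> fh=<hash> vn="<threat name>" ac=<I|C> fn="<path>"
ac=I means the hit was only reported (remove_checked=false); ac=C means it was
cleaned. Sample logs below are constructed for this example; hashes and paths
are placeholders, not values from a real machine."""
import re
from dataclasses import dataclass

# Header keys may contain dots (e.g. iexplore.exe), so match up to the first '='.
HEADER_RE = re.compile(r"^#\s*([^=\s]+)=(.*)$")
# vn and fn are double-quoted and contain spaces, so accept a quoted string
# or a bare token as the value.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Detection:
    sha1: str
    name: str
    action: str  # 'I' = reported only, 'C' = cleaned
    path: str

    @property
    def cleaned(self) -> bool:
        return self.action == "C"


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for one scan log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip().strip('"')
            continue
        if not line.startswith("sh="):
            continue  # installer banner lines carry no detection data
        fields = {}
        for f in FIELD_RE.finditer(line):
            fields[f.group(1)] = f.group(2) if f.group(2) is not None else f.group(3)
        detections.append(Detection(fields["sh"], fields["vn"], fields["ac"], fields["fn"]))
    return header, detections


def uncleaned(detections):
    """Hits the scanner reported but did not remove (ac=I)."""
    return [d for d in detections if not d.cleaned]


def counters_consistent(header, detections) -> bool:
    """Cross-check '# found' and '# cleaned' against the per-file lines."""
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    return found == len(detections) and cleaned == sum(d.cleaned for d in detections)


def not_confirmed_cleaned(before, after):
    """Paths from the first scan that the follow-up scan never reports as cleaned.
    In-memory hits (fn="${Memory}") have no file to delete, so they usually end
    up here even when the on-disk components were removed."""
    confirmed = {d.path for d in after if d.cleaned}
    return [d.path for d in before if d.path not in confirmed]


def triage(before_text: str, after_text: str) -> dict:
    """Compare a report-only scan with the follow-up cleanup scan."""
    h1, d1 = parse_eset_log(before_text)
    h2, d2 = parse_eset_log(after_text)
    return {
        "counters_ok": counters_consistent(h1, d1) and counters_consistent(h2, d2),
        "still_reported": [d.path for d in uncleaned(d2)],
        "not_confirmed_cleaned": not_confirmed_cleaned(d1, d2),
    }


# Constructed sample: first scan with "Remove found threats" unchecked.
SCAN_BEFORE = r"""
OnlineScanner.ocx - registred OK
# version=8
# remove_checked=false
# found=3
# cleaned=0
sh=AAAA000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/InstallIQ.A application" ac=I fn="C:\Users\Example\Desktop\bundled_installer.exe"
sh=AAAA000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="probably a variant of Win32/Toolbar.MyWebSearch.B application" ac=I fn="C:\Program Files\ExampleBar\bar\1.bin\toolbar.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="probably a variant of Win32/Toolbar.MyWebSearch.B application" ac=I fn="${Memory}"
"""

# Constructed sample: rescan with "Remove found threats" checked.
SCAN_AFTER = r"""
# version=8
# remove_checked=true
# found=2
# cleaned=2
sh=AAAA000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/InstallIQ.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Desktop\bundled_installer.exe"
sh=AAAA000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files\ExampleBar\bar\1.bin\toolbar.dll"
"""

if __name__ == "__main__":
    for key, value in triage(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{key}: {value}")
```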

Ghost

hi Corrine;-)
Quote: Does the system clock freeze when performing any other activities?
No, it doesn't.
Quote: Does it happen in both Normal and in Safe Mode?
Yes, it does.
Quote: When DDS or OTL stop, what is explorer.exe showing in Task Manager?
CPU: 0
Memory: 27,432 (till all freezes at about 2 minutes)
Quote: Is the clock otherwise keeping the correct time?
Yes. When I do the hard shutdown and boot up, the time is correct.
Quote: Do you know if the CMOS battery has ever been replaced?
No, I don't, but will ask in a minute.
Neither Music Oasis was in Add/Remove.
DailyBibleGuide is not in Add/Remove.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3cae40a7870ef647ae424fff177c1ec7
# engine=14650
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-05 04:45:08
# local_time=2013-08-04 04:45:08 (-1200, Dateline Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 95 0 0 0 0
# scanned=54324
# found=10
# cleaned=10
# scan_time=2770
sh=1F85D6447D7D113B0D4D259ED45F3C39649478DD ft=1 fh=debd42e79b084b82 vn="a variant of Win32/InstallIQ.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\User\Desktop\musicoasis_d1595896.exe"
sh=284DFF1D2DF5132EAB9259CEF8A3E022E52797AC ft=1 fh=d830c3789814f636 vn="a variant of Win32/InstallBrain application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\User\My Documents\Downloads\PCPerformer_GN.exe"
sh=651BAA6C4C2163043551FA266F26EAE6343BD04C ft=1 fh=711b8935a45b6bfc vn="Win32/SoftonicDownloader.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\User\My Documents\Downloads\SoftonicDownloader_for_atf-cleaner.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vdatact.dll"
sh=53F3044159FFCF82C746898941DBE3DC2AC9A24C ft=1 fh=09fa8c8598e549f8 vn="probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vhtmlmu.dll"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="probably a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vieovr.dll"
sh=E2D44843150192CEE5580CAA0A05BB015271B7CD ft=1 fh=8293caf33be135a7 vn="probably a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vPlugin.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\DailyBibleGuide\bar\1.bin\2vskin.dll"
sh=1967506783A2EFD10777FBCA0DA4DA6D4EBE1D5B ft=1 fh=2f1744e0249338c5 vn="probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\DailyBibleGuide\bar\1.bin\T8HTML.DLL"

thanks,
Ghost

Ghost

hi Corrine;-) Good news, I got OTL to do a full scan;-))
OTL logfile created on: 8/4/2013 5:48:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 679.28 Mb Available Physical Memory | 66.90% Memory free
1.64 Gb Paging File | 1.25 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.12 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: 1LWHQ71-B7B7DDF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 00:35:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/08/04 00:34:08 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/08/04 00:33:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/04 00:33:46 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/08/03 15:21:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/07/02 07:37:00 | 002,938,408 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/05/23 08:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/08 04:48:08 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 04:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/03/02 12:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2008/04/13 12:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/04 00:36:04 | 000,394,824 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013/03/06 13:26:54 | 000,241,152 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
MOD - [2013/03/06 13:26:36 | 000,264,704 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
MOD - [2013/03/06 13:26:20 | 000,233,984 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
MOD - [2012/07/12 11:37:54 | 001,380,864 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\libxmljs\build\Release\libxmljs.node
MOD - [2012/06/26 08:40:04 | 000,068,096 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
MOD - [2011/11/01 17:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 17:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/01 16:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Services (SafeList) ==========

SRV - [2013/08/04 00:35:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/04 00:34:13 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/08/04 00:33:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/07/07 06:39:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/02 07:37:00 | 002,938,408 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/06/30 07:55:41 | 000,182,184 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/25 19:15:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 08:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/08 04:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/03/02 12:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/15 03:36:12 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\DailyBibleGuide\bar\1.bin\2vbarsvc.exe -- (DailyBibleGuideService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/04 00:36:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/08/04 00:36:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/08/04 00:36:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/08/04 00:36:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/07/02 07:36:44 | 000,050,208 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/03/28 19:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/07/22 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/02 08:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 08:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/10/12 19:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 11:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2001/08/17 08:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - No CLSID value found
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.0.34\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/29 05:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files\DailyBibleGuide\bar\1.bin [2013/08/04 16:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/07 06:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/04 11:53:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/29 05:20:11 | 000,000,000 | ---D | M]

[2012/01/27 15:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/08/04 11:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions
[2012/02/03 06:04:43 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2013/02/23 16:17:35 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com
[2013/07/26 08:31:20 | 000,713,729 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
[2013/01/31 14:31:27 | 000,134,683 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\xbjidatbto@xaxaooapszwybbb.jo.xpi
[2013/08/04 11:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/07 06:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/07 06:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/07 06:39:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (MindSpark)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" File not found
O3 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - http://tbedits.dailybibleguide.com/one-toolbaredits/menusearch.jhtml?s=100000422&p=XMxdm145YYus&si=GBYFB&a=8E6D9863-F19E-4B49-A9F7-452CD138FDCA&n=2013062918&cv=2 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375186667109 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E32E556-3A8F-4E98-8D02-A0912C7E236F}: DhcpNameServer = 10.10.10.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3F4AC5D-0657-4602-99F0-4567BC63CE49}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 10:00:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/04 17:07:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2013/08/04 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/04 12:24:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2013/08/04 11:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/04 11:44:16 | 000,561,889 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/08/04 01:11:04 | 001,893,504 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\User\Desktop\rkill.com
[2013/08/04 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2013/08/04 00:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013/08/04 00:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/08/04 00:38:05 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/08/04 00:38:05 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/08/04 00:38:05 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/08/04 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/08/04 00:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2013/08/04 00:01:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/08/03 23:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2013/08/03 23:19:44 | 000,088,192 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys
[2013/08/03 23:19:44 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\cttib1.dll
[2013/08/03 23:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2013/08/03 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/08/03 21:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2013/08/03 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013/08/03 21:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Anti-Malware
[2013/08/03 20:57:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/03 20:50:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/03 20:41:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/03 20:32:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/03 20:32:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/03 20:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/03 20:32:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/03 20:31:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/03 20:31:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/03 20:28:25 | 005,097,312 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/08/03 16:24:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2013/08/03 16:24:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2013/08/03 16:24:47 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2013/08/03 16:24:47 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2013/08/03 16:24:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2013/08/03 16:17:03 | 001,528,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\GenuineCheck.exe
[2013/08/03 16:07:40 | 000,881,168 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\mssstool32.exe
[2013/08/03 15:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/08/03 13:00:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2013/08/01 05:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/08/01 05:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/01 02:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2013/08/01 02:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/07/31 23:13:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Videos
[2013/07/31 23:13:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2013/07/31 01:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Revo Uninstaller
[2013/07/31 01:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/30 00:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013/07/30 00:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/30 00:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/30 00:48:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/07/30 00:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/29 23:57:00 | 000,156,160 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2013/07/29 23:57:00 | 000,156,160 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2013/07/29 02:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/07/29 02:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/07/29 02:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2013/07/29 00:47:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IECompatCache
[2013/07/07 06:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/08/04 17:04:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/04 17:02:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/04 12:29:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/04 12:24:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2013/08/04 11:44:17 | 000,561,889 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/08/04 11:33:51 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/08/04 01:11:09 | 001,893,504 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\User\Desktop\rkill.com
[2013/08/04 00:36:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/08/04 00:36:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/08/04 00:36:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/08/04 00:36:40 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/08/04 00:25:56 | 002,092,792 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avira_free_antivirus.exe
[2013/08/04 00:05:21 | 000,891,098 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck(1).exe
[2013/08/03 21:11:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/03 21:11:52 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013/08/03 20:34:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/08/03 20:28:41 | 005,097,312 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/08/03 18:53:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/03 16:51:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/03 16:17:06 | 001,528,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\GenuineCheck.exe
[2013/08/03 16:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/03 15:57:40 | 000,881,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\mssstool32.exe
[2013/08/03 15:21:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/08/03 01:53:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/01 05:52:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/31 02:01:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/31 01:54:14 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2013/07/30 03:06:44 | 002,240,512 | ---- | M] () -- C:\Documents and Settings\User\s-1-5-21-1343024091-963894560-725345543-1003.rrr
[2013/07/30 00:52:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 00:32:09 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/30 00:32:09 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/12 01:32:01 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 20:50:04 | 001,858,464 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\User\Desktop\couponprinter.exe

========== Files Created - No Company Name ==========

[2013/08/04 11:33:50 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/08/04 00:25:55 | 002,092,792 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avira_free_antivirus.exe
[2013/08/04 00:05:19 | 000,891,098 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck(1).exe
[2013/08/03 23:19:44 | 000,017,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiscfw.deb
[2013/08/03 21:11:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/03 21:11:52 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013/08/03 20:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/03 20:41:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/03 20:32:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/03 20:32:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/03 20:32:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/03 20:32:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/03 20:32:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/01 05:52:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/31 01:54:14 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2013/07/30 03:06:43 | 002,240,512 | ---- | C] () -- C:\Documents and Settings\User\s-1-5-21-1343024091-963894560-725345543-1003.rrr
[2013/07/30 00:48:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 01:51:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer (2).lnk
[2013/06/29 07:29:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/29 07:29:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/29 07:29:42 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2012/02/14 13:20:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 03:12:54 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 06:04:16 | 000,002,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/01/29 05:09:56 | 000,208,377 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2012/01/29 05:09:56 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2012/01/25 15:07:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/01/25 15:07:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/01/25 15:07:29 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/01/18 10:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 09:56:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/18 01:25:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/18 01:24:36 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/01/25 15:03:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 08:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 12:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

and
OTL Extras logfile created on: 8/4/2013 5:48:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 679.28 Mb Available Physical Memory | 66.90% Memory free
1.64 Gb Paging File | 1.25 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.12 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: 1LWHQ71-B7B7DDF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Iminent\IMBooster\IMBooster.exe" = C:\Program Files\Iminent\IMBooster\IMBooster.exe:*:Enabled:IMBooster
"C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe" = C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe:*:Enabled:MMServer
"C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41564952-412D-5637-00A7-A758B70C0202}" = Avira SearchFree Toolbar plus Web Protection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C769A271-7E1C-48F9-B331-474600DD4C01}" = Microsoft Picture It! Publishing Platinum 2002
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}" = HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DD4CEACE-8B19-4B1C-AE82-DE0FC5787D4C}" = Iminent
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}" = C309g-m
"{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}" = PS_AIO_06_C309g-m_SW_Min
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATT-ATT Management Agent" = ATT Management Agent
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DailyBibleGuidebar Uninstall" = DailyBibleGuide Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Revo Uninstaller" = Revo Uninstaller 1.71
"Shop for HP Supplies" = Shop for HP Supplies
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2013 12:11:31 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 102703

Error - 7/11/2013 12:11:31 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 102703

Error - 7/29/2013 10:03:08 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/30/2013 11:03:08 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Application Error | ID = 1000
Description = Faulting application jv16 powertools.exe, version 1.3.0.195, faulting
module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.

Error - 8/4/2013 12:04:32 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/4/2013 12:21:11 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/4/2013 12:24:33 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/4/2013 12:56:51 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
  Please contact Microsoft Product Support Services to report this erro

Error - 8/4/2013 5:10:56 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. 

Error - 8/4/2013 5:10:56 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. 

[ System Events ]
Error - 8/4/2013 12:27:16 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7034
Description = The pcCMService service terminated unexpectedly.  It has done this
1 time(s).

Error - 8/4/2013 4:43:17 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
  It has done this 1 time(s).

Error - 8/4/2013 4:52:10 AM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
  It has done this 1 time(s).

Error - 8/4/2013 8:04:14 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
  It has done this 1 time(s).

Error - 8/4/2013 8:04:14 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7031
Description = The Emsisoft Anti-Malware 8.0 - Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 8/4/2013 8:04:17 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 8/4/2013 8:04:17 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be tak

Ghost
Error - 8/4/2013 8:04:17 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7031
Description = The ATT MAHostService service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 8/4/2013 8:04:17 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done
this 1 time(s).

Error - 8/4/2013 8:04:18 PM | Computer Name = 1LWHQ71-B7B7DDF | Source = Service Control Manager | ID = 7034
Description = The pcCMService service terminated unexpectedly.  It has done this
1 time(s).


< End of repot
thanks,
Ghost

Corrine

Hi, Ghost.

Please perform a Custom Fix with OTL. 

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files\DailyBibleGuide\bar\1.bin [2013/08/04 16:44:15 | 000,000,000 | ---D | M
[2013/02/23 16:17:35 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com
[2013/07/26 08:31:20 | 000,713,729 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (MindSpark)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" File not found
O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" File not found
O3 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" File not found
O4 - HKLM..\Run: []  File not found
O8 - Extra context menu item: &Search - http://tbedits.dailybibleguide.com/one-toolbaredits/menusearch.jhtml?s=100000422&p=XMxdm145YYus&si=GBYFB&a=8E6D9863-F19E-4B49-A9F7-452CD138FDCA&n=2013062918&cv=2 File not found
[2013/06/29 07:29:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/29 07:29:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/29 07:29:42 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"AhnlabAntiVirus"=-
"ComputerAssociatesAntiVirus"=-
"KasperskyAntiVirus"=-
"McAfeeAntiVirus"=-
"McAfeeFirewall"=-
"PandaAntiVirus"=-
"PandaFirewall"=-
"SophosAntiVirus"=-
"SymantecAntiVirus"=-
"SymantecFirewall"=-
"TinyFirewall"=-
"TrendAntiVirus"=-
"TrendFirewall"=-
"ZoneLabsFirewall"=-

:Commands
[EMPTYTEMP]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
After posting the resulting log, please Rescan with OTL as follows:  Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi Corrine;-)
here are the logs you requested.

after run fix:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f15ff29f-85a1-43cd-9674-e5ba40016c97} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f15ff29f-85a1-43cd-9674-e5ba40016c97}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{f15ff29f-85a1-43cd-9674-e5ba40016c97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin\ deleted successfully.
C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com deleted successfully.
File C:\Program Files\DailyBibleGuide\bar\1.bin [2013/08/04 16:44:15 | 000,000,000 | ---D | M not found.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\META-INF folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\defaults folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\chrome\skin folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\chrome\locale folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\chrome\content folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com\chrome folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar@shopathome.com folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0631bff0-6846-48ca-982d-d62d7f376e97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0631bff0-6846-48ca-982d-d62d7f376e97}\ deleted successfully.
C:\Program Files\DailyBibleGuide\bar\1.bin\2vSrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}\ deleted successfully.
C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2a942ab7-2073-49bc-a7e1-77e93835889a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a942ab7-2073-49bc-a7e1-77e93835889a}\ deleted successfully.
File C:\Program Files\DailyBibleGuide\bar\1.bin\2vbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
C:\WINDOWS\system32\drivers\aswVmm.sys.sum moved successfully.
C:\WINDOWS\system32\drivers\aswSnx.sys.sum moved successfully.
C:\WINDOWS\system32\drivers\aswSP.sys.sum moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\AhnlabAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\ComputerAssociatesAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\KasperskyAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\McAfeeAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\McAfeeFirewall not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\PandaAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\PandaFirewall not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\SophosAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\SymantecAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\SymantecFirewall not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\TinyFirewall not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\TrendAntiVirus not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\TrendFirewall not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\ZoneLabsFirewall not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98371 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17202818 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19851 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08052013_165957

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\HPSLPSVC0001.log not found!
C:\WINDOWS\temp\Perflib_Perfdata_310.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 8/5/2013 5:06:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 562.58 Mb Available Physical Memory | 55.41% Memory free
1.64 Gb Paging File | 1.23 Gb Available in Paging File | 75.01% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.08 Gb Free Space | 53.89% Space Free | Partition Type: NTFS

Computer Name: 1LWHQ71-B7B7DDF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 00:35:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/08/04 00:34:08 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/08/04 00:33:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/04 00:33:46 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/08/03 15:21:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/07/02 07:37:00 | 002,938,408 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/05/23 08:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/08 04:48:08 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 04:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/03/02 12:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2008/04/13 12:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/04 00:36:04 | 000,394,824 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013/03/06 13:26:54 | 000,241,152 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
MOD - [2013/03/06 13:26:36 | 000,264,704 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
MOD - [2013/03/06 13:26:20 | 000,233,984 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
MOD - [2012/07/12 11:37:54 | 001,380,864 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\libxmljs\build\Release\libxmljs.node
MOD - [2012/06/26 08:40:04 | 000,068,096 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
MOD - [2011/11/01 17:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 17:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/01 16:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - [2013/08/04 00:35:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/04 00:34:13 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/08/04 00:33:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/07/07 06:39:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/02 07:37:00 | 002,938,408 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/06/30 07:55:41 | 000,182,184 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/25 19:15:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 08:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/08 04:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/03/02 12:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/15 03:36:12 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\DailyBibleGuide\bar\1.bin\2vbarsvc.exe -- (DailyBibleGuideService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/04 00:36:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/08/04 00:36:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/08/04 00:36:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/08/04 00:36:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/07/02 07:36:44 | 000,050,208 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/03/28 19:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/07/22 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/02 08:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 08:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/10/12 19:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 11:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2001/08/17 08:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.0.34\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/29 05:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/07 06:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/04 11:53:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/29 05:20:11 | 000,000,000 | ---D | M]

[2012/01/27 15:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/08/05 17:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions
[2012/02/03 06:04:43 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2013/01/31 14:31:27 | 000,134,683 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\xbjidatbto@xaxaooapszwybbb.jo.xpi
[2013/08/04 11:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/07 06:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/07 06:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/07 06:39:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375186667109 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E32E556-3A8F-4E98-8D02-A0912C7E236F}: DhcpNameServer = 10.10.10.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3F4AC5D-0657-4602-99F0-4567BC63CE49}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 10:00:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 16:59:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/05 16:55:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2013/08/04 20:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2013/08/04 20:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2013/08/04 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/04 12:24:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2013/08/04 11:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/04 11:44:16 | 000,561,889 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/08/04 01:11:04 | 001,893,504 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\User\Desktop\rkill.com
[2013/08/04 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2013/08/04 00:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013/08/04 00:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/08/04 00:38:05 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/08/04 00:38:05 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/08/04 00:38:05 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/08/04 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/08/04 00:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2013/08/04 00:01:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/08/03 23:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2013/08/03 23:19:44 | 000,088,192 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys
[2013/08/03 23:19:44 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\cttib1.dll
[2013/08/03 23:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2013/08/03 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/08/03 21:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2013/08/03 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013/08/03 21:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Anti-Malware
[2013/08/03 20:57:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/03 20:50:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/03 20:41:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/03 20:32:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/03 20:32:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/03 20:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/03 20:32:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/03 20:31:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/03 20:31:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/03 20:28:25 | 005,097,312 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/08/03 15:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/08/03 13:00:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2013/08/01 05:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/08/01 05:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/01 02:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2013/08/01 02:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/07/31 23:13:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Videos
[2013/07/31 23:13:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2013/07/31 01:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Revo Uninstaller
[2013/07/31 01:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/30 00:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013/07/30 00:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/30 00:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/30 00:48:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/07/30 00:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/29 02:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/07/29 02:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/07/29 02:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2013/07/29 00:47:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IECompatCache
[2013/07/07 06:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/08/05 17:05:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/05 17:02:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/04 20:09:09 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/08/04 12:29:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/04 12:24:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2013/08/04 11:44:17 | 000,561,889 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/08/04 11:33:51 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/08/04 01:11:09 | 001,893,504 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\User\Desktop\rkill.com
[2013/08/04 00:36:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/08/04 00:36:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/08/04 00:36:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/08/04 00:36:40 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/08/04 00:25:56 | 002,092,792 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avira_free_antivirus.exe
[2013/08/04 00:05:21 | 000,891,098 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck(1).exe
[2013/08/03 21:11:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/03 21:11:52 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013/08/03 20:34:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/08/03 20:28:41 | 005,097,312 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/08/03 18:53:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/03 16:51:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/03 16:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/03 15:21:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/08/03 01:53:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/01 05:52:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/31 02:01:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/31 01:54:14 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2013/07/30 03:06:44 | 002,240,512 | ---- | M] () -- C:\Documents and Settings\User\s-1-5-21-1343024091-963894560-725345543-1003.rrr
[2013/07/30 00:52:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 00:32:09 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/30 00:32:09 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/12 01:32:01 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 20:50:04 | 001,858,464 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\User\Desktop\couponprinter.exe

========== Files Created - No Company Name ==========

[2013/08/04 20:09:09 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/08/04 20:08:17 | 000,935,026 | ---- | C] () -- C:\Documents and Settings\User\Desktop\spywareguardsetupmin.exe
[2013/08/04 11:33:50 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/08/04 00:25:55 | 002,092,792 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avira_free_antivirus.exe
[2013/08/04 00:05:19 | 000,891,098 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck(1).exe
[2013/08/03 23:19:44 | 000,017,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiscfw.deb
[2013/08/03 21:11:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/03 21:11:52 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013/08/03 20:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/03 20:41:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/03 20:32:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/03 20:32:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/03 20:32:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/03 20:32:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/03 20:32:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/01 05:52:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/31 01:54:14 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2013/07/30 03:06:43 | 002,240,512 | ---- | C] () -- C:\Documents and Settings\User\s-1-5-21-1343024091-963894560-725345543-1003.rrr
[2013/07/30 00:48:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 01:51:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer (2).lnk
[2012/02/14 13:20:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 03:12:54 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 06:04:16 | 000,002,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/01/29 05:09:56 | 000,208,377 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2012/01/29 05:09:56 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2012/01/25 15:07:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/01/25 15:07:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/01/25 15:07:29 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/01/18 10:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 09:56:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/18 01:25:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/18 01:24:36 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/01/25 15:03:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 08:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 12:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/25 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/03 22:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 10:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/01/11 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2012/02/11 02:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/15 06:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DailyBibleGuide
[2012/01/18 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
[2012/02/03 14:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\searchcoreband
[2012/02/03 14:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\searchcoretoolbar
[2012/01/30 01:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2013/01/11 16:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WindSolutions

========== Purity Check ==========



< End of report >

and

OTL logfile created on: 8/5/2013 5:13:31 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 633.09 Mb Available Physical Memory | 62.35% Memory free
1.64 Gb Paging File | 1.23 Gb Available in Paging File | 74.96% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.08 Gb Free Space | 53.89% Space Free | Partition Type: NTFS

Computer Name: 1LWHQ71-B7B7DDF | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 00:35:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/08/04 00:34:08 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/08/04 00:33:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/08/04 00:33:46 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/08/03 15:21:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/07/02 07:37:00 | 002,938,408 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/05/23 08:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/08 04:48:08 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.3.0.34\ma\bin\node.exe
PRC - [2013/05/08 04:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe
PRC - [2013/03/02 12:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2008/04/13 12:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/04 00:36:04 | 000,394,824 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013/03/06 13:26:54 | 000,241,152 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
MOD - [2013/03/06 13:26:36 | 000,264,704 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
MOD - [2013/03/06 13:26:20 | 000,233,984 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
MOD - [2012/07/12 11:37:54 | 001,380,864 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\libxmljs\build\Release\libxmljs.node
MOD - [2012/06/26 08:40:04 | 000,068,096 | ---- | M] () -- C:\Program Files\ATT\8.3.0.34\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
MOD - [2011/11/01 17:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 17:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/01 16:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - [2013/08/04 00:35:53 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/08/04 00:34:13 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/08/04 00:33:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/07/07 06:39:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/02 07:37:00 | 002,938,408 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/06/30 07:55:41 | 000,182,184 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/25 19:15:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 08:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/08 04:48:08 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.3.0.34\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2013/03/02 12:23:26 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/15 03:36:12 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\DailyBibleGuide\bar\1.bin\2vbarsvc.exe -- (DailyBibleGuideService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/04 00:36:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/08/04 00:36:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/08/04 00:36:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/08/04 00:36:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/07/02 07:36:44 | 000,050,208 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/03/28 19:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/07/22 04:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 09:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/02 08:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 08:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/10/12 19:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 11:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2001/08/17 08:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.3.0.34\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/29 05:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/07 06:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/04 11:53:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/29 05:20:11 | 000,000,000 | ---D | M]

[2012/01/27 15:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/08/05 17:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions
[2012/02/03 06:04:43 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2013/01/31 14:31:27 | 000,134,683 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\rp33vbra.default\extensions\xbjidatbto@xaxaooapszwybbb.jo.xpi
[2013/08/04 11:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/07 06:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/07 06:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/07 06:39:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Wi

Ghost

CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375186667109 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E32E556-3A8F-4E98-8D02-A0912C7E236F}: DhcpNameServer = 10.10.10.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3F4AC5D-0657-4602-99F0-4567BC63CE49}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 10:00:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 16:59:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/05 16:55:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2013/08/04 20:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2013/08/04 20:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2013/08/04 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/04 12:24:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2013/08/04 11:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/04 11:44:16 | 000,561,889 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/08/04 01:11:04 | 001,893,504 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\User\Desktop\rkill.com
[2013/08/04 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira
[2013/08/04 00:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2013/08/04 00:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/08/04 00:38:05 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/08/04 00:38:05 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/08/04 00:38:05 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/08/04 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/08/04 00:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2013/08/04 00:01:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/08/03 23:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2013/08/03 23:19:44 | 000,088,192 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys
[2013/08/03 23:19:44 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\cttib1.dll
[2013/08/03 23:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2013/08/03 23:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/08/03 21:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2013/08/03 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013/08/03 21:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Anti-Malware
[2013/08/03 20:57:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/03 20:50:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/03 20:41:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/03 20:32:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/03 20:32:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/03 20:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/03 20:32:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/03 20:31:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/03 20:31:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/03 20:28:25 | 005,097,312 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/08/03 15:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/08/03 13:00:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2013/08/01 05:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/08/01 05:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/01 02:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2013/08/01 02:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/07/31 23:13:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Videos
[2013/07/31 23:13:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2013/07/31 01:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Revo Uninstaller
[2013/07/31 01:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/30 00:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013/07/30 00:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/30 00:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/30 00:48:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/07/30 00:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/29 02:44:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/07/29 02:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/07/29 02:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2013/07/29 00:47:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IECompatCache
[2013/07/07 06:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/08/05 17:05:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/05 17:02:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/04 20:09:09 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/08/04 12:29:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/04 12:24:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds.scr
[2013/08/04 11:44:17 | 000,561,889 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/08/04 11:33:51 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/08/04 01:11:09 | 001,893,504 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\User\Desktop\rkill.com
[2013/08/04 00:36:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/08/04 00:36:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/08/04 00:36:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/08/04 00:36:40 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/08/04 00:25:56 | 002,092,792 | ---- | M] () -- C:\Documents and Settings\User\Desktop\avira_free_antivirus.exe
[2013/08/04 00:05:21 | 000,891,098 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck(1).exe
[2013/08/03 21:11:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/03 21:11:52 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013/08/03 20:34:13 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/08/03 20:28:41 | 005,097,312 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2013/08/03 18:53:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/03 16:51:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/03 16:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/03 15:21:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/08/03 01:53:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/01 05:52:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/31 02:01:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/07/31 01:54:14 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2013/07/30 03:06:44 | 002,240,512 | ---- | M] () -- C:\Documents and Settings\User\s-1-5-21-1343024091-963894560-725345543-1003.rrr
[2013/07/30 00:52:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 00:32:09 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/30 00:32:09 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/12 01:32:01 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 20:50:04 | 001,858,464 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\User\Desktop\couponprinter.exe

========== Files Created - No Company Name ==========

[2013/08/04 20:09:09 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk
[2013/08/04 20:08:17 | 000,935,026 | ---- | C] () -- C:\Documents and Settings\User\Desktop\spywareguardsetupmin.exe
[2013/08/04 11:33:50 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2013/08/04 00:25:55 | 002,092,792 | ---- | C] () -- C:\Documents and Settings\User\Desktop\avira_free_antivirus.exe
[2013/08/04 00:05:19 | 000,891,098 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck(1).exe
[2013/08/03 23:19:44 | 000,017,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiscfw.deb
[2013/08/03 21:11:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/08/03 21:11:52 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013/08/03 20:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/03 20:41:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/03 20:32:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/03 20:32:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/03 20:32:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/03 20:32:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/03 20:32:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/01 05:52:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/31 01:54:14 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Revo Uninstaller.lnk
[2013/07/30 03:06:43 | 002,240,512 | ---- | C] () -- C:\Documents and Settings\User\s-1-5-21-1343024091-963894560-725345543-1003.rrr
[2013/07/30 00:48:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 01:51:32 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer (2).lnk
[2012/02/14 13:20:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 03:12:54 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 06:04:16 | 000,002,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2012/01/29 05:09:56 | 000,208,377 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2012/01/29 05:09:56 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2012/01/25 15:07:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/01/25 15:07:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/01/25 15:07:29 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/01/18 10:04:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 09:56:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/18 01:25:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/18 01:24:36 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/01/25 15:03:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 08:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 00:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 12:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/25 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/03 22:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/21 10:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/01/11 16:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2012/02/11 02:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/15 06:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DailyBibleGuide
[2012/01/18 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
[2012/02/03 14:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\searchcoreband
[2012/02/03 14:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\searchcoretoolbar
[2012/01/30 01:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2013/01/11 16:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WindSolutions

========== Purity Check ==========



< End of report >
Thanks,
Ghost

Corrine

Nice work, Ghost.  Your persistence has paid off.

If you haven't yet, please update Adobe Reader.  The current version installed is out of date. 

Please do the following to uninstall AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Uninstall.
  • Confirm with Yes.
Finally, OTL CleanUp will handle the remaining programs.

  • Double-click OTL.exe to run it.  (Windows Vista and Windows 7 users: Right-click on OTL.exe select "Run As Administrator" to run it.  If prompted by UAC, please allow it.)
  • Press the CleanUp button.
  • When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

If OTL left any of the tools we used behind, please delete them from the desktop. 

You might want to refer your sister-in-law to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

Hi Corrine ;-)
Quote: "Your persistence has paid off."
Our persistence has paid off ;-)
Everything is cleaned up from the desktop.
Quote: "You might want to refer your sister-in-law to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?"."
Oh, you bet I will!!!
Thanks again Corrine :rose: and a shout-out to DonnaB :hallo: too ;-))
The laptop is running better ;-).
Ghost

DonnaB

You're welcome Ghost. I'm glad the computer is running much better.

Like Corrine, I am totally baffled that DDS will not complete a full scan. Very strange indeed!  :shocked:

"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

anna1362

Corrine and DonnaB: Thank you very much for all you did in assisting Ghost with repairing my laptop. I am so grateful to you both. Oh, I did get my bootie chewed (to put it nicely) by my brother-in-law. :-) And I did read (three times!) "How did I get infected"! Hopefully I have learned from this experience. Thank you again. Anna1362 :rose: :goodie:

Corrine

You're welcome, Anna.  Wishing you the very best during your time in Arizona.   :flowers:

