speedinc
2014-11-19, 09:03
Hi guys:
I had to uninstall and reinstall my browser because it was opening too slowly. I believe it was hijacked by malware.
I use FIREFOX when going to the web. Here are my logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Dad (administrator) on YOUR-4DACD0EA75 on 18-11-2014 19:47:24
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
Loaded Profiles: MOM & Dad & UpdatusUser (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Affinegy, Inc.) C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft) C:\WINDOWS\arservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(AVAYA Communication) C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
(SiSoftware) C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-22] ()
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-05-31] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [DigiDo] => C:\Program Files\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjgwMTEyNTY3LVQxMy1VODUrMS1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrO (the data entry has 93 more characters).
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Run: [Media Finder] => "C:\Program Files\Media Finder\MF.exe" /opentotray
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: {3b84fb0d-04c3-11dd-90a4-0018f341744e} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: {3b84fb0e-04c3-11dd-90a4-0018f341744e} - H:\setupSNK.exe
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\lexie\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6E8DB774803D001
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1009 -> {997E830F-B711-4BBB-BE50-C5BC9B3FE989} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016 -> {47130832-F17F-4B95-A626-D153584228DC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2250449246-3165194149-3948157566-1009 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value -
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2250449246-3165194149-3948157566-1016: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: LavaFox V2-Blue - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187\Extensions\djziggy@gmail.com [2014-11-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-12]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-31]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-05-31]
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 AffinegyService; C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
S4 GameConsoleService; C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe [238328 2009-11-13] (WildTangent, Inc.)
R2 iClarityQoSService; C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe [233472 2009-03-12] (AVAYA Communication) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-11-13] (Mozilla Foundation) [File not signed]
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-07] (NVIDIA Corporation)
R2 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe [98488 2008-04-10] (SiSoftware)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-22] (Printing Communications Assoc., Inc. (PCAUSA))
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices) [File not signed]
S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-15] (AVG Technologies)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 HSXHWBS2; C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys [241664 2005-12-06] (Conexant Systems, Inc.) [File not signed]
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.) [File not signed]
S3 LCcfltr; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [14095 2004-03-03] (Logitech, Inc.) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-02-02] (PalmSource, Inc.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\Sandra.sys [21408 2008-03-10] (SiSoftware)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.) [File not signed]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
R4 AVGIDSDriverl; system32\DRIVERS\avgidsdriverlx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 DCamUSBVeo532; System32\Drivers\ubVeo532.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 19:45 - 2014-11-18 19:47 - 00000000 ____D () C:\FRST
2014-11-18 19:42 - 2014-11-18 19:42 - 00000000 ____D () C:\RegBackup
2014-11-18 19:41 - 2014-11-18 19:41 - 01346048 _____ (Indigo Rose Corporation) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\uninstall.exe
2014-11-18 19:41 - 2014-11-18 19:41 - 00325960 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\lua5.1.dll
2014-11-18 19:41 - 2014-11-18 19:41 - 00001535 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Tweaking.com
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Uninstall
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\files
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\color_presets
2014-11-18 17:33 - 2014-11-18 17:33 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-18 17:33 - 2014-11-18 17:33 - 00000732 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-11-18 17:33 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-18 17:18 - 2014-11-18 17:18 - 00000000 ____D () C:\WINDOWS\LastGood
2014-11-18 16:23 - 2014-11-18 19:42 - 00003982 _____ () C:\WINDOWS\setupapi.log
2014-11-18 09:51 - 2014-11-18 09:51 - 00000000 ____D () C:\Documents and Settings\MOM\Application Data\AVG2015
2014-11-18 09:50 - 2014-11-18 09:50 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\Application Data\Avg2015
2014-11-15 10:21 - 2014-11-15 10:21 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2015
2014-11-15 10:05 - 2014-11-18 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\lexie\Local Settings\Application Data\Avg
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Avg
2014-11-15 10:00 - 2014-11-18 17:23 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2015
2014-11-15 01:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job
2014-11-10 22:01 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 09:46 - 2014-11-18 17:02 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job
2014-11-07 09:46 - 2014-11-07 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av
2014-11-04 10:21 - 2014-11-04 10:21 - 03145782 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Green speed percents.bmp
2014-11-02 07:08 - 2014-10-18 08:55 - 00001044 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\VGGCaddy.lnk
2014-10-19 04:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 19:47 - 2011-07-18 00:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\temp
2014-11-18 19:47 - 2009-07-30 20:31 - 00000452 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
2014-11-18 19:44 - 2012-05-17 21:51 - 00000679 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Settings.ini
2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\repair
2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-18 19:38 - 2012-04-23 20:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-18 19:14 - 2010-01-06 10:42 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 18:34 - 2011-05-29 08:34 - 01609253 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 17:33 - 2010-07-13 05:42 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
2014-11-18 17:33 - 2010-07-13 05:42 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
2014-11-18 17:23 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-18 17:03 - 2014-01-29 18:34 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_0214c.job
2014-11-18 17:03 - 2013-12-10 09:32 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_1113a.job
2014-11-18 17:02 - 2014-08-29 07:03 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job
2014-11-18 17:02 - 2014-08-28 08:14 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-18 17:02 - 2014-04-18 17:46 - 00000626 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job
2014-11-18 17:02 - 2013-12-10 09:32 - 00000462 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job
2014-11-18 17:02 - 2013-09-24 09:28 - 00000342 _____ () C:\WINDOWS\Tasks\SmartDefragUpdate.job
2014-11-18 17:02 - 2013-01-28 09:23 - 00000408 _____ () C:\WINDOWS\Tasks\ROC_REG_JAN.job
2014-11-18 17:02 - 2011-05-29 11:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-18 17:02 - 2011-05-29 11:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-18 17:02 - 2011-05-29 11:07 - 00032524 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-18 17:02 - 2010-12-17 15:46 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
2014-11-18 17:02 - 2010-07-31 11:31 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
2014-11-18 17:02 - 2010-06-12 07:50 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
2014-11-18 17:02 - 2010-05-31 16:40 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
2014-11-18 17:02 - 2010-01-06 10:42 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 17:01 - 2009-10-12 07:11 - 00000642 _____ () C:\WINDOWS\system32\QosServ.log
2014-11-18 17:01 - 2005-08-30 22:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 16:47 - 2009-10-12 07:49 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-11-18 16:47 - 2009-07-30 19:20 - 00000178 ___SH () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\ntuser.ini
2014-11-18 15:47 - 2009-07-30 19:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75
2014-11-18 14:00 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At4.job
2014-11-18 10:33 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At3.job
2014-11-18 10:13 - 2008-04-12 12:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-18 10:10 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-18 09:53 - 2008-01-31 18:11 - 00000178 ___SH () C:\Documents and Settings\MOM\ntuser.ini
2014-11-18 09:51 - 2011-07-18 22:42 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\temp
2014-11-17 20:40 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At2.job
2014-11-16 14:54 - 2012-02-01 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Professional Edition
2014-11-15 13:55 - 2011-11-20 20:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google
2014-11-15 13:55 - 2009-07-30 19:24 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla
2014-11-15 10:47 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2014
2014-11-15 10:22 - 2009-02-16 18:06 - 00000000 ____D () C:\Program Files\AVG
2014-11-15 10:21 - 2013-09-24 00:19 - 00000000 ___HD () C:\$AVG
2014-11-15 09:26 - 2011-08-28 20:47 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-15 01:43 - 2010-05-31 16:40 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
2014-11-14 11:34 - 2011-05-30 01:06 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\WMTools Downloaded Files
2014-11-14 08:52 - 2013-12-06 09:52 - 00020480 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 14:15 - 2011-05-18 11:54 - 00000000 ___RD () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Resumes
2014-11-13 11:59 - 2010-12-17 15:46 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
2014-11-12 20:07 - 2010-07-31 11:31 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
2014-11-12 17:20 - 2008-07-21 19:36 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-12 03:18 - 2008-02-11 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 03:13 - 2013-08-13 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:05 - 2008-02-01 08:56 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 00:30 - 2014-08-28 08:14 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-11 15:38 - 2012-04-23 20:14 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 15:38 - 2011-05-18 11:16 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-09 23:15 - 2011-12-14 19:15 - 00000000 ____D () C:\Program Files\Mahjongg - Ancient Mayas
2014-11-08 15:00 - 2014-03-22 05:09 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-05 07:17 - 2010-06-06 21:31 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
2014-11-04 10:21 - 2011-12-24 18:30 - 00432640 __SHC () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Thumbs.db
2014-11-03 10:22 - 2014-10-01 23:05 - 00000000 ____D () C:\Katstown Solutions
2014-11-02 07:12 - 2013-10-03 23:44 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-02 07:05 - 2005-08-30 22:07 - 00703420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 23:30 - 2014-08-28 08:14 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-26 06:00 - 2011-07-24 00:00 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\HpUpdate
2014-10-21 07:53 - 2012-05-02 17:59 - 01397728 _____ (Tweaking.com) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\TweakingRegistryBackup.exe
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Dad at 2014-11-18 19:48:33
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (Version: 2.0.1 - Amazon Services LLC) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avaya one-X Communicator (HKLM\...\{EE827DAC-71E4-4E98-805C-66E2CBF41513}) (Version: 1.0.0.84 - Avaya Inc.)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Budget Sheet Manager V4.0 (HKLM\...\Budget Sheet Manager V4.0) (Version: - )
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco AnyConnect VPN Client (HKLM\...\{68D47332-A69E-4B72-83B7-D34AE73B0CE8}) (Version: 2.2.0128 - Cisco Systems, Inc.)
Coby Media Manager (HKLM\...\{9A4F58EC-AA61-4382-81B3-80971396F851}) (Version: 1.0.4313 - Coby)
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ3510FWUpdateAlert (Version: 1.00.0000 - HP) Hidden
eCalc Scientific (v1.5) (HKLM\...\{A3960197-74C2-4362-B816-11AB39E9C84D}_is1) (Version: - eCalc.com)
Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kats Calculators (HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\0992c2e475ab8f1e) (Version: 2.0.0.8 - Katstown Solutions)
Kats Wind and Putting Calculators (HKLM\...\{F1F55522-3481-510E-4481-002E73EC7444}) (Version: 9.0.21022.8 - Katstown Solutions)
LightScribe 1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
Mahjongg - Ancient Mayas (HKLM\...\{2E6F5711-0A88-460A-B4C8-EB64573BF7E9}_is1) (Version: - cerasus.media GmbH)
MasterCook Deluxe 9 (HKLM\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
MasterCook Deluxe 9 (Version: 9.0.000 - ValuSoft) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent compaq Master Uninstall) (Version: HPCMPQ1404 - WildTangent)
MyBudgetPlanner (HKLM\...\{12FC1931-EC4C-4884-93EA-7744B238A5B9}) (Version: - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Palm (HKLM\...\{32EF6F81-583E-4127-918D-D3768A8957C4}) (Version: 4.1.0420 - Palm, Inc.)
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4060.15 - PC-Doctor, Inc.)
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop'NCook Pro version 4.0.17 (HKLM\...\{C8797726-5DE1-4609-9335-D5D1BA0C28B6}_is1) (Version: 4.0.17 - Rufenacht Innovative)
SiSoftware Sandra Lite XII.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1) (Version: 14.20.2008.4 - SiSoftware)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TWC WiFi (HKLM\...\TWC WiFi_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version: - win-movie-maker-free)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
YTD Video Downloader 4.7.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.4 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0944D16C-D0E3-4389-982A-A085595A9EB3}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.25.5 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3831331E-0D00-4716-871D-68F3B11D23C9}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3DCD2BC5-8478-48AE-891F-90C8B2F19F56}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{52C01A76-19D1-4A50-AE8A-38FFBCCF9182}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{5954EA75-9BE9-461A-BD34-CEA3A861FF19}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{762EC429-1A4C-4AB8-844A-9A552E1241DA}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.24.1 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A506EF88-9EEB-4522-BFE1-A8E886A64D80}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A5704C37-40C9-49EF-904B-97E5F5F9B1C5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{B87799AF-2CD8-4DAA-93CF-65F002035369}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{BBC73C94-336B-43CC-B52C-31EB9FA34013}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{C406F816-317C-4F7D-81CB-BA93CA7B70D5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{D502D4A3-03D5-4EAE-A14E-69606CA63430}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{EC22770D-3332-4C56-8A8D-3E560475F655}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
==================== Restore Points =========================
21-08-2014 10:25:29 System Checkpoint
22-08-2014 11:25:23 System Checkpoint
23-08-2014 12:25:20 System Checkpoint
24-08-2014 13:25:18 System Checkpoint
25-08-2014 13:25:36 System Checkpoint
26-08-2014 16:19:33 System Checkpoint
27-08-2014 17:04:40 System Checkpoint
28-08-2014 18:04:44 System Checkpoint
29-08-2014 18:33:56 System Checkpoint
30-08-2014 18:36:08 System Checkpoint
31-08-2014 19:36:07 System Checkpoint
01-09-2014 20:36:11 System Checkpoint
02-09-2014 20:38:35 System Checkpoint
03-09-2014 21:13:13 System Checkpoint
04-09-2014 22:14:16 System Checkpoint
05-09-2014 23:13:05 System Checkpoint
06-09-2014 23:51:44 System Checkpoint
07-09-2014 23:54:11 System Checkpoint
09-09-2014 00:54:06 System Checkpoint
10-09-2014 01:55:10 System Checkpoint
11-09-2014 02:12:43 System Checkpoint
12-09-2014 03:09:19 System Checkpoint
12-09-2014 04:41:17 Software Distribution Service 3.0
13-09-2014 05:29:02 System Checkpoint
14-09-2014 06:09:22 System Checkpoint
15-09-2014 06:39:02 System Checkpoint
16-09-2014 07:39:03 System Checkpoint
17-09-2014 08:39:04 System Checkpoint
18-09-2014 09:39:05 System Checkpoint
19-09-2014 10:39:05 System Checkpoint
20-09-2014 11:39:04 System Checkpoint
21-09-2014 12:11:30 System Checkpoint
22-09-2014 13:11:29 System Checkpoint
23-09-2014 15:47:55 System Checkpoint
24-09-2014 17:06:24 System Checkpoint
25-09-2014 17:09:59 System Checkpoint
26-09-2014 18:03:56 System Checkpoint
27-09-2014 19:03:57 System Checkpoint
28-09-2014 19:16:38 System Checkpoint
29-09-2014 20:03:55 System Checkpoint
30-09-2014 20:41:52 System Checkpoint
01-10-2014 20:42:12 System Checkpoint
02-10-2014 21:42:13 System Checkpoint
03-10-2014 21:45:29 System Checkpoint
04-10-2014 22:01:17 System Checkpoint
06-10-2014 04:40:03 System Checkpoint
07-10-2014 06:03:22 System Checkpoint
08-10-2014 06:53:01 System Checkpoint
09-10-2014 13:51:02 System Checkpoint
10-10-2014 17:47:08 System Checkpoint
11-10-2014 18:40:16 System Checkpoint
12-10-2014 19:40:17 System Checkpoint
13-10-2014 20:14:51 System Checkpoint
14-10-2014 21:14:43 System Checkpoint
15-10-2014 22:14:39 System Checkpoint
16-10-2014 07:00:07 Software Distribution Service 3.0
17-10-2014 06:23:43 Removed Java 7 Update 67
18-10-2014 07:16:41 System Checkpoint
19-10-2014 08:13:31 System Checkpoint
20-10-2014 08:14:12 System Checkpoint
21-10-2014 08:58:19 System Checkpoint
22-10-2014 09:58:22 System Checkpoint
23-10-2014 10:58:18 System Checkpoint
24-10-2014 13:00:45 System Checkpoint
25-10-2014 13:17:19 System Checkpoint
26-10-2014 13:58:19 System Checkpoint
27-10-2014 14:58:22 System Checkpoint
28-10-2014 16:39:10 System Checkpoint
29-10-2014 17:11:01 System Checkpoint
30-10-2014 17:15:59 System Checkpoint
31-10-2014 17:56:06 System Checkpoint
01-11-2014 18:55:44 System Checkpoint
02-11-2014 19:03:15 System Checkpoint
03-11-2014 20:03:22 System Checkpoint
04-11-2014 21:03:04 System Checkpoint
05-11-2014 22:03:00 System Checkpoint
06-11-2014 23:03:17 System Checkpoint
08-11-2014 00:25:16 System Checkpoint
09-11-2014 00:25:58 System Checkpoint
10-11-2014 01:25:52 System Checkpoint
11-11-2014 02:34:04 System Checkpoint
12-11-2014 02:44:28 System Checkpoint
12-11-2014 09:05:38 Software Distribution Service 3.0
13-11-2014 09:09:53 System Checkpoint
14-11-2014 10:09:42 System Checkpoint
15-11-2014 11:09:52 System Checkpoint
15-11-2014 16:04:20 Installed AVG 2015
15-11-2014 16:06:38 Installed AVG 2015
15-11-2014 19:55:17 Removed Google Talk Plugin
15-11-2014 19:57:47 Removed Visual Studio 2012 x86 Redistributables
16-11-2014 20:36:46 System Checkpoint
17-11-2014 21:28:21 System Checkpoint
18-11-2014 23:17:34 Removed AVG 2015
18-11-2014 23:19:25 Removed AVG 2015
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 05:00 - 2011-07-18 22:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\AVG_REG_0214c.job => C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\WINDOWS\Tasks\AVG_REG_1113a.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Dad.job => C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\_OTL\MovedFiles\09242013_010637\C_Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-09 22:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-09 22:00 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-09 22:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-09 22:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-08-28 08:13 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 08:13 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 08:13 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-28 08:13 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-28 08:13 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-18 17:33 - 2014-11-13 20:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
========================= Accounts: ==========================
Administrator (S-1-5-21-2250449246-3165194149-3948157566-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2250449246-3165194149-3948157566-1018 - Limited - Enabled)
Compaq_Administrator (S-1-5-21-2250449246-3165194149-3948157566-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Administrator
Dad (S-1-5-21-2250449246-3165194149-3948157566-1016 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad.YOUR-4DACD0EA75
Guest (S-1-5-21-2250449246-3165194149-3948157566-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2250449246-3165194149-3948157566-1006 - Limited - Disabled)
lexie (S-1-5-21-2250449246-3165194149-3948157566-1015 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\lexie
MOM (S-1-5-21-2250449246-3165194149-3948157566-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MOM
SUPPORT_388945a0 (S-1-5-21-2250449246-3165194149-3948157566-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2250449246-3165194149-3948157566-1005 - Limited - Disabled)
UpdatusUser (S-1-5-21-2250449246-3165194149-3948157566-1017 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/18/2014 07:42:24 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)
Error: (11/18/2014 07:42:24 PM) (Source: MSDTC Client) (EventID: 4427) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2948
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Error: (11/17/2014 06:47:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/15/2014 10:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4765, faulting module avgui.exe, version 14.0.0.4765, fault address 0x002196ba.
Processing media-specific event for [avgui.exe!ws!]
Error: (11/10/2014 08:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.3.5422, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/04/2014 08:24:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/04/2014 08:24:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/01/2014 06:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/01/2014 06:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/01/2014 05:38:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (11/18/2014 05:03:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (11/18/2014 05:01:25 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.4 for the Network Card with network address 001C10E3BFC0 has been
denied by the DHCP server 192.168.223.1 (The DHCP Server sent a DHCPNACK message).
Error: (11/18/2014 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
Error: (11/18/2014 10:29:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (11/18/2014 10:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
Error: (11/18/2014 09:59:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Microsoft Office Sessions:
=========================
Error: (06/11/2010 07:01:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.100000
Error: (01/29/2010 11:04:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000304903120
Error: (09/07/2009 01:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6215.1000440
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 Processor 3500+
Percentage of memory in use: 81%
Total physical RAM: 702.48 MB
Available physical RAM: 126.67 MB
Total Pagefile: 1335.42 MB
Available Pagefile: 690.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.92 MB
==================== Drives ================================
Drive c: (PRESARIO) (Fixed) (Total:140.47 GB) (Free:57.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (PRESARIO_RP) (Fixed) (Total:8.56 GB) (Free:0.58 GB) FAT32 ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DB5CA2A0)
Partition 1: (Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.6 GB) - (Type=0C)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-18 19:53:31
-----------------------------
19:53:31.750 OS Version: Windows 5.1.2600 Service Pack 3
19:53:31.750 Number of processors: 1 586 0x4F02
19:53:31.750 ComputerName: YOUR-4DACD0EA75 UserName: Dad
19:53:32.125 Initialize success
19:53:32.218 VM: initialized successfully
19:53:32.218 VM: Amd CPU virtualization not supported
19:57:34.093 AVAST engine defs: 14111802
20:49:24.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
20:49:24.828 Disk 0 Vendor: ST316081 3.AH Size: 152627MB BusType: 3
20:49:25.062 Disk 0 MBR read successfully
20:49:25.062 Disk 0 MBR scan
20:49:26.218 Disk 0 unknown MBR code
20:49:26.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143839 MB offset 63
20:49:26.265 Disk 0 unknown boot code
20:49:27.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8777 MB offset 294599970
20:49:27.562 Disk 0 statistics 287/0/0 @ 0.90 MB/s
20:49:27.578 Scan finished successfully
20:50:16.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\MBR.dat"
20:50:16.546 The log file has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\aswMBR.txt"
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value -
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2250449246-3165194149-3948157566-1016: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: LavaFox V2-Blue - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187\Extensions\djziggy@gmail.com [2014-11-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-12]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-31]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-05-31]
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 AffinegyService; C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
S4 GameConsoleService; C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe [238328 2009-11-13] (WildTangent, Inc.)
R2 iClarityQoSService; C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe [233472 2009-03-12] (AVAYA Communication) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-11-13] (Mozilla Foundation) [File not signed]
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-07] (NVIDIA Corporation)
R2 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe [98488 2008-04-10] (SiSoftware)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-22] (Printing Communications Assoc., Inc. (PCAUSA))
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices) [File not signed]
S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-15] (AVG Technologies)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 HSXHWBS2; C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys [241664 2005-12-06] (Conexant Systems, Inc.) [File not signed]
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.) [File not signed]
S3 LCcfltr; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [14095 2004-03-03] (Logitech, Inc.) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-02-02] (PalmSource, Inc.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\Sandra.sys [21408 2008-03-10] (SiSoftware)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.) [File not signed]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
R4 AVGIDSDriverl; system32\DRIVERS\avgidsdriverlx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 DCamUSBVeo532; System32\Drivers\ubVeo532.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 19:45 - 2014-11-18 19:47 - 00000000 ____D () C:\FRST
2014-11-18 19:42 - 2014-11-18 19:42 - 00000000 ____D () C:\RegBackup
2014-11-18 19:41 - 2014-11-18 19:41 - 01346048 _____ (Indigo Rose Corporation) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\uninstall.exe
2014-11-18 19:41 - 2014-11-18 19:41 - 00325960 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\lua5.1.dll
2014-11-18 19:41 - 2014-11-18 19:41 - 00001535 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Tweaking.com
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Uninstall
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\files
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\color_presets
2014-11-18 17:33 - 2014-11-18 17:33 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-18 17:33 - 2014-11-18 17:33 - 00000732 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-11-18 17:33 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-18 17:18 - 2014-11-18 17:18 - 00000000 ____D () C:\WINDOWS\LastGood
2014-11-18 16:23 - 2014-11-18 19:42 - 00003982 _____ () C:\WINDOWS\setupapi.log
2014-11-18 09:51 - 2014-11-18 09:51 - 00000000 ____D () C:\Documents and Settings\MOM\Application Data\AVG2015
2014-11-18 09:50 - 2014-11-18 09:50 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\Application Data\Avg2015
2014-11-15 10:21 - 2014-11-15 10:21 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2015
2014-11-15 10:05 - 2014-11-18 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\lexie\Local Settings\Application Data\Avg
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Avg
2014-11-15 10:00 - 2014-11-18 17:23 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2015
2014-11-15 01:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job
2014-11-10 22:01 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 09:46 - 2014-11-18 17:02 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job
2014-11-07 09:46 - 2014-11-07 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av
2014-11-04 10:21 - 2014-11-04 10:21 - 03145782 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Green speed percents.bmp
2014-11-02 07:08 - 2014-10-18 08:55 - 00001044 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\VGGCaddy.lnk
2014-10-19 04:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-18 19:47 - 2011-07-18 00:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\temp
2014-11-18 19:47 - 2009-07-30 20:31 - 00000452 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
2014-11-18 19:44 - 2012-05-17 21:51 - 00000679 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Settings.ini
2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\repair
2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-18 19:38 - 2012-04-23 20:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-18 19:14 - 2010-01-06 10:42 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 18:34 - 2011-05-29 08:34 - 01609253 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 17:33 - 2010-07-13 05:42 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
2014-11-18 17:33 - 2010-07-13 05:42 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
2014-11-18 17:23 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-18 17:03 - 2014-01-29 18:34 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_0214c.job
2014-11-18 17:03 - 2013-12-10 09:32 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_1113a.job
2014-11-18 17:02 - 2014-08-29 07:03 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job
2014-11-18 17:02 - 2014-08-28 08:14 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-18 17:02 - 2014-04-18 17:46 - 00000626 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job
2014-11-18 17:02 - 2013-12-10 09:32 - 00000462 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job
2014-11-18 17:02 - 2013-09-24 09:28 - 00000342 _____ () C:\WINDOWS\Tasks\SmartDefragUpdate.job
2014-11-18 17:02 - 2013-01-28 09:23 - 00000408 _____ () C:\WINDOWS\Tasks\ROC_REG_JAN.job
2014-11-18 17:02 - 2011-05-29 11:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-18 17:02 - 2011-05-29 11:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-18 17:02 - 2011-05-29 11:07 - 00032524 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-18 17:02 - 2010-12-17 15:46 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
2014-11-18 17:02 - 2010-07-31 11:31 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
2014-11-18 17:02 - 2010-06-12 07:50 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
2014-11-18 17:02 - 2010-05-31 16:40 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
2014-11-18 17:02 - 2010-01-06 10:42 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 17:01 - 2009-10-12 07:11 - 00000642 _____ () C:\WINDOWS\system32\QosServ.log
2014-11-18 17:01 - 2005-08-30 22:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 16:47 - 2009-10-12 07:49 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-11-18 16:47 - 2009-07-30 19:20 - 00000178 ___SH () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\ntuser.ini
2014-11-18 15:47 - 2009-07-30 19:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75
2014-11-18 14:00 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At4.job
2014-11-18 10:33 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At3.job
2014-11-18 10:13 - 2008-04-12 12:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-18 10:10 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-18 09:53 - 2008-01-31 18:11 - 00000178 ___SH () C:\Documents and Settings\MOM\ntuser.ini
2014-11-18 09:51 - 2011-07-18 22:42 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\temp
2014-11-17 20:40 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At2.job
2014-11-16 14:54 - 2012-02-01 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Professional Edition
2014-11-15 13:55 - 2011-11-20 20:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google
2014-11-15 13:55 - 2009-07-30 19:24 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla
2014-11-15 10:47 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2014
2014-11-15 10:22 - 2009-02-16 18:06 - 00000000 ____D () C:\Program Files\AVG
2014-11-15 10:21 - 2013-09-24 00:19 - 00000000 ___HD () C:\$AVG
2014-11-15 09:26 - 2011-08-28 20:47 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-15 01:43 - 2010-05-31 16:40 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
2014-11-14 11:34 - 2011-05-30 01:06 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\WMTools Downloaded Files
2014-11-14 08:52 - 2013-12-06 09:52 - 00020480 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 14:15 - 2011-05-18 11:54 - 00000000 ___RD () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Resumes
2014-11-13 11:59 - 2010-12-17 15:46 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
2014-11-12 20:07 - 2010-07-31 11:31 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
2014-11-12 17:20 - 2008-07-21 19:36 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-12 03:18 - 2008-02-11 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 03:13 - 2013-08-13 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:05 - 2008-02-01 08:56 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 00:30 - 2014-08-28 08:14 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-11 15:38 - 2012-04-23 20:14 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 15:38 - 2011-05-18 11:16 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-09 23:15 - 2011-12-14 19:15 - 00000000 ____D () C:\Program Files\Mahjongg - Ancient Mayas
2014-11-08 15:00 - 2014-03-22 05:09 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-05 07:17 - 2010-06-06 21:31 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
2014-11-04 10:21 - 2011-12-24 18:30 - 00432640 __SHC () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Thumbs.db
2014-11-03 10:22 - 2014-10-01 23:05 - 00000000 ____D () C:\Katstown Solutions
2014-11-02 07:12 - 2013-10-03 23:44 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-02 07:05 - 2005-08-30 22:07 - 00703420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 23:30 - 2014-08-28 08:14 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-26 06:00 - 2011-07-24 00:00 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\HpUpdate
2014-10-21 07:53 - 2012-05-02 17:59 - 01397728 _____ (Tweaking.com) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\TweakingRegistryBackup.exe
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Dad at 2014-11-18 19:48:33
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (Version: 2.0.1 - Amazon Services LLC) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avaya one-X Communicator (HKLM\...\{EE827DAC-71E4-4E98-805C-66E2CBF41513}) (Version: 1.0.0.84 - Avaya Inc.)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Budget Sheet Manager V4.0 (HKLM\...\Budget Sheet Manager V4.0) (Version: - )
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco AnyConnect VPN Client (HKLM\...\{68D47332-A69E-4B72-83B7-D34AE73B0CE8}) (Version: 2.2.0128 - Cisco Systems, Inc.)
Coby Media Manager (HKLM\...\{9A4F58EC-AA61-4382-81B3-80971396F851}) (Version: 1.0.4313 - Coby)
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ3510FWUpdateAlert (Version: 1.00.0000 - HP) Hidden
eCalc Scientific (v1.5) (HKLM\...\{A3960197-74C2-4362-B816-11AB39E9C84D}_is1) (Version: - eCalc.com)
Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kats Calculators (HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\0992c2e475ab8f1e) (Version: 2.0.0.8 - Katstown Solutions)
Kats Wind and Putting Calculators (HKLM\...\{F1F55522-3481-510E-4481-002E73EC7444}) (Version: 9.0.21022.8 - Katstown Solutions)
LightScribe 1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
Mahjongg - Ancient Mayas (HKLM\...\{2E6F5711-0A88-460A-B4C8-EB64573BF7E9}_is1) (Version: - cerasus.media GmbH)
MasterCook Deluxe 9 (HKLM\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
MasterCook Deluxe 9 (Version: 9.0.000 - ValuSoft) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent compaq Master Uninstall) (Version: HPCMPQ1404 - WildTangent)
MyBudgetPlanner (HKLM\...\{12FC1931-EC4C-4884-93EA-7744B238A5B9}) (Version: - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Palm (HKLM\...\{32EF6F81-583E-4127-918D-D3768A8957C4}) (Version: 4.1.0420 - Palm, Inc.)
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4060.15 - PC-Doctor, Inc.)
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop'NCook Pro version 4.0.17 (HKLM\...\{C8797726-5DE1-4609-9335-D5D1BA0C28B6}_is1) (Version: 4.0.17 - Rufenacht Innovative)
SiSoftware Sandra Lite XII.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1) (Version: 14.20.2008.4 - SiSoftware)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TWC WiFi (HKLM\...\TWC WiFi_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version: - win-movie-maker-free)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
YTD Video Downloader 4.7.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.4 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0944D16C-D0E3-4389-982A-A085595A9EB3}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.25.5 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3831331E-0D00-4716-871D-68F3B11D23C9}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3DCD2BC5-8478-48AE-891F-90C8B2F19F56}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{52C01A76-19D1-4A50-AE8A-38FFBCCF9182}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{5954EA75-9BE9-461A-BD34-CEA3A861FF19}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{762EC429-1A4C-4AB8-844A-9A552E1241DA}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.24.1 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A506EF88-9EEB-4522-BFE1-A8E886A64D80}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A5704C37-40C9-49EF-904B-97E5F5F9B1C5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{B87799AF-2CD8-4DAA-93CF-65F002035369}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{BBC73C94-336B-43CC-B52C-31EB9FA34013}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{C406F816-317C-4F7D-81CB-BA93CA7B70D5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{D502D4A3-03D5-4EAE-A14E-69606CA63430}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{EC22770D-3332-4C56-8A8D-3E560475F655}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
==================== Restore Points =========================
21-08-2014 10:25:29 System Checkpoint
22-08-2014 11:25:23 System Checkpoint
23-08-2014 12:25:20 System Checkpoint
24-08-2014 13:25:18 System Checkpoint
25-08-2014 13:25:36 System Checkpoint
26-08-2014 16:19:33 System Checkpoint
27-08-2014 17:04:40 System Checkpoint
28-08-2014 18:04:44 System Checkpoint
29-08-2014 18:33:56 System Checkpoint
30-08-2014 18:36:08 System Checkpoint
31-08-2014 19:36:07 System Checkpoint
01-09-2014 20:36:11 System Checkpoint
02-09-2014 20:38:35 System Checkpoint
03-09-2014 21:13:13 System Checkpoint
04-09-2014 22:14:16 System Checkpoint
05-09-2014 23:13:05 System Checkpoint
06-09-2014 23:51:44 System Checkpoint
07-09-2014 23:54:11 System Checkpoint
09-09-2014 00:54:06 System Checkpoint
10-09-2014 01:55:10 System Checkpoint
11-09-2014 02:12:43 System Checkpoint
12-09-2014 03:09:19 System Checkpoint
12-09-2014 04:41:17 Software Distribution Service 3.0
13-09-2014 05:29:02 System Checkpoint
14-09-2014 06:09:22 System Checkpoint
15-09-2014 06:39:02 System Checkpoint
16-09-2014 07:39:03 System Checkpoint
17-09-2014 08:39:04 System Checkpoint
18-09-2014 09:39:05 System Checkpoint
19-09-2014 10:39:05 System Checkpoint
20-09-2014 11:39:04 System Checkpoint
21-09-2014 12:11:30 System Checkpoint
22-09-2014 13:11:29 System Checkpoint
23-09-2014 15:47:55 System Checkpoint
24-09-2014 17:06:24 System Checkpoint
25-09-2014 17:09:59 System Checkpoint
26-09-2014 18:03:56 System Checkpoint
27-09-2014 19:03:57 System Checkpoint
28-09-2014 19:16:38 System Checkpoint
29-09-2014 20:03:55 System Checkpoint
30-09-2014 20:41:52 System Checkpoint
01-10-2014 20:42:12 System Checkpoint
02-10-2014 21:42:13 System Checkpoint
03-10-2014 21:45:29 System Checkpoint
04-10-2014 22:01:17 System Checkpoint
06-10-2014 04:40:03 System Checkpoint
07-10-2014 06:03:22 System Checkpoint
08-10-2014 06:53:01 System Checkpoint
09-10-2014 13:51:02 System Checkpoint
10-10-2014 17:47:08 System Checkpoint
11-10-2014 18:40:16 System Checkpoint
12-10-2014 19:40:17 System Checkpoint
13-10-2014 20:14:51 System Checkpoint
14-10-2014 21:14:43 System Checkpoint
15-10-2014 22:14:39 System Checkpoint
16-10-2014 07:00:07 Software Distribution Service 3.0
17-10-2014 06:23:43 Removed Java 7 Update 67
18-10-2014 07:16:41 System Checkpoint
19-10-2014 08:13:31 System Checkpoint
20-10-2014 08:14:12 System Checkpoint
21-10-2014 08:58:19 System Checkpoint
22-10-2014 09:58:22 System Checkpoint
23-10-2014 10:58:18 System Checkpoint
24-10-2014 13:00:45 System Checkpoint
25-10-2014 13:17:19 System Checkpoint
26-10-2014 13:58:19 System Checkpoint
27-10-2014 14:58:22 System Checkpoint
28-10-2014 16:39:10 System Checkpoint
29-10-2014 17:11:01 System Checkpoint
30-10-2014 17:15:59 System Checkpoint
31-10-2014 17:56:06 System Checkpoint
01-11-2014 18:55:44 System Checkpoint
02-11-2014 19:03:15 System Checkpoint
03-11-2014 20:03:22 System Checkpoint
04-11-2014 21:03:04 System Checkpoint
05-11-2014 22:03:00 System Checkpoint
06-11-2014 23:03:17 System Checkpoint
08-11-2014 00:25:16 System Checkpoint
09-11-2014 00:25:58 System Checkpoint
10-11-2014 01:25:52 System Checkpoint
11-11-2014 02:34:04 System Checkpoint
12-11-2014 02:44:28 System Checkpoint
12-11-2014 09:05:38 Software Distribution Service 3.0
13-11-2014 09:09:53 System Checkpoint
14-11-2014 10:09:42 System Checkpoint
15-11-2014 11:09:52 System Checkpoint
15-11-2014 16:04:20 Installed AVG 2015
15-11-2014 16:06:38 Installed AVG 2015
15-11-2014 19:55:17 Removed Google Talk Plugin
15-11-2014 19:57:47 Removed Visual Studio 2012 x86 Redistributables
16-11-2014 20:36:46 System Checkpoint
17-11-2014 21:28:21 System Checkpoint
18-11-2014 23:17:34 Removed AVG 2015
18-11-2014 23:19:25 Removed AVG 2015
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 05:00 - 2011-07-18 22:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\AVG_REG_0214c.job => C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\WINDOWS\Tasks\AVG_REG_1113a.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Dad.job => C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\_OTL\MovedFiles\09242013_010637\C_Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-09 22:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-09 22:00 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-09 22:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-09 22:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-08-28 08:13 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 08:13 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 08:13 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-28 08:13 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-28 08:13 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-18 17:33 - 2014-11-13 20:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
========================= Accounts: ==========================
Administrator (S-1-5-21-2250449246-3165194149-3948157566-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2250449246-3165194149-3948157566-1018 - Limited - Enabled)
Compaq_Administrator (S-1-5-21-2250449246-3165194149-3948157566-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Administrator
Dad (S-1-5-21-2250449246-3165194149-3948157566-1016 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad.YOUR-4DACD0EA75
Guest (S-1-5-21-2250449246-3165194149-3948157566-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2250449246-3165194149-3948157566-1006 - Limited - Disabled)
lexie (S-1-5-21-2250449246-3165194149-3948157566-1015 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\lexie
MOM (S-1-5-21-2250449246-3165194149-3948157566-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MOM
SUPPORT_388945a0 (S-1-5-21-2250449246-3165194149-3948157566-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2250449246-3165194149-3948157566-1005 - Limited - Disabled)
UpdatusUser (S-1-5-21-2250449246-3165194149-3948157566-1017 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/18/2014 07:42:24 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)
Error: (11/18/2014 07:42:24 PM) (Source: MSDTC Client) (EventID: 4427) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2948
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Error: (11/17/2014 06:47:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/15/2014 10:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4765, faulting module avgui.exe, version 14.0.0.4765, fault address 0x002196ba.
Processing media-specific event for [avgui.exe!ws!]
Error: (11/10/2014 08:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.3.5422, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/04/2014 08:24:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/04/2014 08:24:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/01/2014 06:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (11/01/2014 06:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (11/01/2014 05:38:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (11/18/2014 05:03:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (11/18/2014 05:01:25 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.4 for the Network Card with network address 001C10E3BFC0 has been
denied by the DHCP server 192.168.223.1 (The DHCP Server sent a DHCPNACK message).
Error: (11/18/2014 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
Error: (11/18/2014 10:29:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (11/18/2014 10:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
Error: (11/18/2014 09:59:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Microsoft Office Sessions:
=========================
Error: (06/11/2010 07:01:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.100000
Error: (01/29/2010 11:04:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000304903120
Error: (09/07/2009 01:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6215.1000440
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 Processor 3500+
Percentage of memory in use: 81%
Total physical RAM: 702.48 MB
Available physical RAM: 126.67 MB
Total Pagefile: 1335.42 MB
Available Pagefile: 690.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.92 MB
==================== Drives ================================
Drive c: (PRESARIO) (Fixed) (Total:140.47 GB) (Free:57.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (PRESARIO_RP) (Fixed) (Total:8.56 GB) (Free:0.58 GB) FAT32 ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DB5CA2A0)
Partition 1: (Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.6 GB) - (Type=0C)
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-18 19:53:31
-----------------------------
19:53:31.750 OS Version: Windows 5.1.2600 Service Pack 3
19:53:31.750 Number of processors: 1 586 0x4F02
19:53:31.750 ComputerName: YOUR-4DACD0EA75 UserName: Dad
19:53:32.125 Initialize success
19:53:32.218 VM: initialized successfully
19:53:32.218 VM: Amd CPU virtualization not supported
19:57:34.093 AVAST engine defs: 14111802
20:49:24.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
20:49:24.828 Disk 0 Vendor: ST316081 3.AH Size: 152627MB BusType: 3
20:49:25.062 Disk 0 MBR read successfully
20:49:25.062 Disk 0 MBR scan
20:49:26.218 Disk 0 unknown MBR code
20:49:26.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143839 MB offset 63
20:49:26.265 Disk 0 unknown boot code
20:49:27.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8777 MB offset 294599970
20:49:27.562 Disk 0 statistics 287/0/0 @ 0.90 MB/s
20:49:27.578 Scan finished successfully
20:50:16.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\MBR.dat"
20:50:16.546 The log file has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\aswMBR.txt"