PC hijacked

speedinc
2014-11-19, 09:03
Hi guys:
I had to uninstall and reinstall my browser because it was opening too slowly. I believe it was hijacked by malware.
I use FIREFOX when going to the web. Here are my logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Dad (administrator) on YOUR-4DACD0EA75 on 18-11-2014 19:47:24
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
Loaded Profiles: MOM & Dad & UpdatusUser (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Affinegy, Inc.) C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft) C:\WINDOWS\arservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(AVAYA Communication) C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
(SiSoftware) C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-22] ()
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-28] (InstallShield Software Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-05-31] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [DigiDo] => C:\Program Files\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjgwMTEyNTY3LVQxMy1VODUrMS1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrO (the data entry has 93 more characters).
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Run: [Media Finder] => "C:\Program Files\Media Finder\MF.exe" /opentotray
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: D - D:\LaunchU3.exe -a
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: {3b84fb0d-04c3-11dd-90a4-0018f341744e} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: {3b84fb0e-04c3-11dd-90a4-0018f341744e} - H:\setupSNK.exe
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\lexie\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6E8DB774803D001
HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1009 -> {997E830F-B711-4BBB-BE50-C5BC9B3FE989} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016 -> {47130832-F17F-4B95-A626-D153584228DC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2250449246-3165194149-3948157566-1009 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value -
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2250449246-3165194149-3948157566-1016: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: LavaFox V2-Blue - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187\Extensions\djziggy@gmail.com [2014-11-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-12]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-31]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-05-31]
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 AffinegyService; C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
S4 GameConsoleService; C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe [238328 2009-11-13] (WildTangent, Inc.)
R2 iClarityQoSService; C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe [233472 2009-03-12] (AVAYA Communication) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-11-13] (Mozilla Foundation) [File not signed]
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-07] (NVIDIA Corporation)
R2 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe [98488 2008-04-10] (SiSoftware)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-22] (Printing Communications Assoc., Inc. (PCAUSA))
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices) [File not signed]
S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-15] (AVG Technologies)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 HSXHWBS2; C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys [241664 2005-12-06] (Conexant Systems, Inc.) [File not signed]
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.) [File not signed]
S3 LCcfltr; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [14095 2004-03-03] (Logitech, Inc.) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-02-02] (PalmSource, Inc.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\Sandra.sys [21408 2008-03-10] (SiSoftware)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.) [File not signed]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
R4 AVGIDSDriverl; system32\DRIVERS\avgidsdriverlx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 DCamUSBVeo532; System32\Drivers\ubVeo532.sys [X]
S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 19:45 - 2014-11-18 19:47 - 00000000 ____D () C:\FRST
2014-11-18 19:42 - 2014-11-18 19:42 - 00000000 ____D () C:\RegBackup
2014-11-18 19:41 - 2014-11-18 19:41 - 01346048 _____ (Indigo Rose Corporation) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\uninstall.exe
2014-11-18 19:41 - 2014-11-18 19:41 - 00325960 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\lua5.1.dll
2014-11-18 19:41 - 2014-11-18 19:41 - 00001535 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Tweaking.com
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Uninstall
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\files
2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\color_presets
2014-11-18 17:33 - 2014-11-18 17:33 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-18 17:33 - 2014-11-18 17:33 - 00000732 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-11-18 17:33 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-18 17:18 - 2014-11-18 17:18 - 00000000 ____D () C:\WINDOWS\LastGood
2014-11-18 16:23 - 2014-11-18 19:42 - 00003982 _____ () C:\WINDOWS\setupapi.log
2014-11-18 09:51 - 2014-11-18 09:51 - 00000000 ____D () C:\Documents and Settings\MOM\Application Data\AVG2015
2014-11-18 09:50 - 2014-11-18 09:50 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\Application Data\Avg2015
2014-11-15 10:21 - 2014-11-15 10:21 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2015
2014-11-15 10:05 - 2014-11-18 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\lexie\Local Settings\Application Data\Avg
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg
2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Avg
2014-11-15 10:00 - 2014-11-18 17:23 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2015
2014-11-15 01:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job
2014-11-10 22:01 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 09:46 - 2014-11-18 17:02 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job
2014-11-07 09:46 - 2014-11-07 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av
2014-11-04 10:21 - 2014-11-04 10:21 - 03145782 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Green speed percents.bmp
2014-11-02 07:08 - 2014-10-18 08:55 - 00001044 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\VGGCaddy.lnk
2014-10-19 04:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 19:47 - 2011-07-18 00:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\temp
2014-11-18 19:47 - 2009-07-30 20:31 - 00000452 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
2014-11-18 19:44 - 2012-05-17 21:51 - 00000679 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Settings.ini
2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\repair
2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-18 19:38 - 2012-04-23 20:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-18 19:14 - 2010-01-06 10:42 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 18:34 - 2011-05-29 08:34 - 01609253 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 17:33 - 2010-07-13 05:42 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
2014-11-18 17:33 - 2010-07-13 05:42 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
2014-11-18 17:23 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-18 17:03 - 2014-01-29 18:34 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_0214c.job
2014-11-18 17:03 - 2013-12-10 09:32 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_1113a.job
2014-11-18 17:02 - 2014-08-29 07:03 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job
2014-11-18 17:02 - 2014-08-28 08:14 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-18 17:02 - 2014-04-18 17:46 - 00000626 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job
2014-11-18 17:02 - 2013-12-10 09:32 - 00000462 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job
2014-11-18 17:02 - 2013-09-24 09:28 - 00000342 _____ () C:\WINDOWS\Tasks\SmartDefragUpdate.job
2014-11-18 17:02 - 2013-01-28 09:23 - 00000408 _____ () C:\WINDOWS\Tasks\ROC_REG_JAN.job
2014-11-18 17:02 - 2011-05-29 11:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-18 17:02 - 2011-05-29 11:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-18 17:02 - 2011-05-29 11:07 - 00032524 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-18 17:02 - 2010-12-17 15:46 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
2014-11-18 17:02 - 2010-07-31 11:31 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
2014-11-18 17:02 - 2010-06-12 07:50 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
2014-11-18 17:02 - 2010-05-31 16:40 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
2014-11-18 17:02 - 2010-01-06 10:42 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 17:01 - 2009-10-12 07:11 - 00000642 _____ () C:\WINDOWS\system32\QosServ.log
2014-11-18 17:01 - 2005-08-30 22:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 16:47 - 2009-10-12 07:49 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-11-18 16:47 - 2009-07-30 19:20 - 00000178 ___SH () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\ntuser.ini
2014-11-18 15:47 - 2009-07-30 19:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75
2014-11-18 14:00 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At4.job
2014-11-18 10:33 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At3.job
2014-11-18 10:13 - 2008-04-12 12:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-18 10:10 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-18 09:53 - 2008-01-31 18:11 - 00000178 ___SH () C:\Documents and Settings\MOM\ntuser.ini
2014-11-18 09:51 - 2011-07-18 22:42 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\temp
2014-11-17 20:40 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At2.job
2014-11-16 14:54 - 2012-02-01 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Professional Edition
2014-11-15 13:55 - 2011-11-20 20:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google
2014-11-15 13:55 - 2009-07-30 19:24 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla
2014-11-15 10:47 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2014
2014-11-15 10:22 - 2009-02-16 18:06 - 00000000 ____D () C:\Program Files\AVG
2014-11-15 10:21 - 2013-09-24 00:19 - 00000000 ___HD () C:\$AVG
2014-11-15 09:26 - 2011-08-28 20:47 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-15 01:43 - 2010-05-31 16:40 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
2014-11-14 11:34 - 2011-05-30 01:06 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\WMTools Downloaded Files
2014-11-14 08:52 - 2013-12-06 09:52 - 00020480 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-13 14:15 - 2011-05-18 11:54 - 00000000 ___RD () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Resumes
2014-11-13 11:59 - 2010-12-17 15:46 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
2014-11-12 20:07 - 2010-07-31 11:31 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
2014-11-12 17:20 - 2008-07-21 19:36 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-12 03:18 - 2008-02-11 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 03:13 - 2013-08-13 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 03:05 - 2008-02-01 08:56 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 00:30 - 2014-08-28 08:14 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-11 15:38 - 2012-04-23 20:14 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 15:38 - 2011-05-18 11:16 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-09 23:15 - 2011-12-14 19:15 - 00000000 ____D () C:\Program Files\Mahjongg - Ancient Mayas
2014-11-08 15:00 - 2014-03-22 05:09 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-05 07:17 - 2010-06-06 21:31 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
2014-11-04 10:21 - 2011-12-24 18:30 - 00432640 __SHC () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Thumbs.db
2014-11-03 10:22 - 2014-10-01 23:05 - 00000000 ____D () C:\Katstown Solutions
2014-11-02 07:12 - 2013-10-03 23:44 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-02 07:05 - 2005-08-30 22:07 - 00703420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 23:30 - 2014-08-28 08:14 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-26 06:00 - 2011-07-24 00:00 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\HpUpdate
2014-10-21 07:53 - 2012-05-02 17:59 - 01397728 _____ (Tweaking.com) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\TweakingRegistryBackup.exe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Dad at 2014-11-18 19:48:33
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (Version: 2.0.1 - Amazon Services LLC) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Avaya one-X Communicator (HKLM\...\{EE827DAC-71E4-4E98-805C-66E2CBF41513}) (Version: 1.0.0.84 - Avaya Inc.)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Budget Sheet Manager V4.0 (HKLM\...\Budget Sheet Manager V4.0) (Version: - )
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco AnyConnect VPN Client (HKLM\...\{68D47332-A69E-4B72-83B7-D34AE73B0CE8}) (Version: 2.2.0128 - Cisco Systems, Inc.)
Coby Media Manager (HKLM\...\{9A4F58EC-AA61-4382-81B3-80971396F851}) (Version: 1.0.4313 - Coby)
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ3510FWUpdateAlert (Version: 1.00.0000 - HP) Hidden
eCalc Scientific (v1.5) (HKLM\...\{A3960197-74C2-4362-B816-11AB39E9C84D}_is1) (Version: - eCalc.com)
Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kats Calculators (HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\0992c2e475ab8f1e) (Version: 2.0.0.8 - Katstown Solutions)
Kats Wind and Putting Calculators (HKLM\...\{F1F55522-3481-510E-4481-002E73EC7444}) (Version: 9.0.21022.8 - Katstown Solutions)
LightScribe 1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
Mahjongg - Ancient Mayas (HKLM\...\{2E6F5711-0A88-460A-B4C8-EB64573BF7E9}_is1) (Version: - cerasus.media GmbH)
MasterCook Deluxe 9 (HKLM\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
MasterCook Deluxe 9 (Version: 9.0.000 - ValuSoft) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent compaq Master Uninstall) (Version: HPCMPQ1404 - WildTangent)
MyBudgetPlanner (HKLM\...\{12FC1931-EC4C-4884-93EA-7744B238A5B9}) (Version: - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Palm (HKLM\...\{32EF6F81-583E-4127-918D-D3768A8957C4}) (Version: 4.1.0420 - Palm, Inc.)
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4060.15 - PC-Doctor, Inc.)
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop'NCook Pro version 4.0.17 (HKLM\...\{C8797726-5DE1-4609-9335-D5D1BA0C28B6}_is1) (Version: 4.0.17 - Rufenacht Innovative)
SiSoftware Sandra Lite XII.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1) (Version: 14.20.2008.4 - SiSoftware)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TWC WiFi (HKLM\...\TWC WiFi_is1) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version: - win-movie-maker-free)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
YTD Video Downloader 4.7.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.4 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0944D16C-D0E3-4389-982A-A085595A9EB3}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.25.5 (the data entry has 19 more characters).
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3831331E-0D00-4716-871D-68F3B11D23C9}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3DCD2BC5-8478-48AE-891F-90C8B2F19F56}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{52C01A76-19D1-4A50-AE8A-38FFBCCF9182}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{5954EA75-9BE9-461A-BD34-CEA3A861FF19}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{762EC429-1A4C-4AB8-844A-9A552E1241DA}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.24.1 (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A506EF88-9EEB-4522-BFE1-A8E886A64D80}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A5704C37-40C9-49EF-904B-97E5F5F9B1C5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{B87799AF-2CD8-4DAA-93CF-65F002035369}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{BBC73C94-336B-43CC-B52C-31EB9FA34013}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{C406F816-317C-4F7D-81CB-BA93CA7B70D5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{D502D4A3-03D5-4EAE-A14E-69606CA63430}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{EC22770D-3332-4C56-8A8D-3E560475F655}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()

==================== Restore Points =========================

21-08-2014 10:25:29 System Checkpoint
22-08-2014 11:25:23 System Checkpoint
23-08-2014 12:25:20 System Checkpoint
24-08-2014 13:25:18 System Checkpoint
25-08-2014 13:25:36 System Checkpoint
26-08-2014 16:19:33 System Checkpoint
27-08-2014 17:04:40 System Checkpoint
28-08-2014 18:04:44 System Checkpoint
29-08-2014 18:33:56 System Checkpoint
30-08-2014 18:36:08 System Checkpoint
31-08-2014 19:36:07 System Checkpoint
01-09-2014 20:36:11 System Checkpoint
02-09-2014 20:38:35 System Checkpoint
03-09-2014 21:13:13 System Checkpoint
04-09-2014 22:14:16 System Checkpoint
05-09-2014 23:13:05 System Checkpoint
06-09-2014 23:51:44 System Checkpoint
07-09-2014 23:54:11 System Checkpoint
09-09-2014 00:54:06 System Checkpoint
10-09-2014 01:55:10 System Checkpoint
11-09-2014 02:12:43 System Checkpoint
12-09-2014 03:09:19 System Checkpoint
12-09-2014 04:41:17 Software Distribution Service 3.0
13-09-2014 05:29:02 System Checkpoint
14-09-2014 06:09:22 System Checkpoint
15-09-2014 06:39:02 System Checkpoint
16-09-2014 07:39:03 System Checkpoint
17-09-2014 08:39:04 System Checkpoint
18-09-2014 09:39:05 System Checkpoint
19-09-2014 10:39:05 System Checkpoint
20-09-2014 11:39:04 System Checkpoint
21-09-2014 12:11:30 System Checkpoint
22-09-2014 13:11:29 System Checkpoint
23-09-2014 15:47:55 System Checkpoint
24-09-2014 17:06:24 System Checkpoint
25-09-2014 17:09:59 System Checkpoint
26-09-2014 18:03:56 System Checkpoint
27-09-2014 19:03:57 System Checkpoint
28-09-2014 19:16:38 System Checkpoint
29-09-2014 20:03:55 System Checkpoint
30-09-2014 20:41:52 System Checkpoint
01-10-2014 20:42:12 System Checkpoint
02-10-2014 21:42:13 System Checkpoint
03-10-2014 21:45:29 System Checkpoint
04-10-2014 22:01:17 System Checkpoint
06-10-2014 04:40:03 System Checkpoint
07-10-2014 06:03:22 System Checkpoint
08-10-2014 06:53:01 System Checkpoint
09-10-2014 13:51:02 System Checkpoint
10-10-2014 17:47:08 System Checkpoint
11-10-2014 18:40:16 System Checkpoint
12-10-2014 19:40:17 System Checkpoint
13-10-2014 20:14:51 System Checkpoint
14-10-2014 21:14:43 System Checkpoint
15-10-2014 22:14:39 System Checkpoint
16-10-2014 07:00:07 Software Distribution Service 3.0
17-10-2014 06:23:43 Removed Java 7 Update 67
18-10-2014 07:16:41 System Checkpoint
19-10-2014 08:13:31 System Checkpoint
20-10-2014 08:14:12 System Checkpoint
21-10-2014 08:58:19 System Checkpoint
22-10-2014 09:58:22 System Checkpoint
23-10-2014 10:58:18 System Checkpoint
24-10-2014 13:00:45 System Checkpoint
25-10-2014 13:17:19 System Checkpoint
26-10-2014 13:58:19 System Checkpoint
27-10-2014 14:58:22 System Checkpoint
28-10-2014 16:39:10 System Checkpoint
29-10-2014 17:11:01 System Checkpoint
30-10-2014 17:15:59 System Checkpoint
31-10-2014 17:56:06 System Checkpoint
01-11-2014 18:55:44 System Checkpoint
02-11-2014 19:03:15 System Checkpoint
03-11-2014 20:03:22 System Checkpoint
04-11-2014 21:03:04 System Checkpoint
05-11-2014 22:03:00 System Checkpoint
06-11-2014 23:03:17 System Checkpoint
08-11-2014 00:25:16 System Checkpoint
09-11-2014 00:25:58 System Checkpoint
10-11-2014 01:25:52 System Checkpoint
11-11-2014 02:34:04 System Checkpoint
12-11-2014 02:44:28 System Checkpoint
12-11-2014 09:05:38 Software Distribution Service 3.0
13-11-2014 09:09:53 System Checkpoint
14-11-2014 10:09:42 System Checkpoint
15-11-2014 11:09:52 System Checkpoint
15-11-2014 16:04:20 Installed AVG 2015
15-11-2014 16:06:38 Installed AVG 2015
15-11-2014 19:55:17 Removed Google Talk Plugin
15-11-2014 19:57:47 Removed Visual Studio 2012 x86 Redistributables
16-11-2014 20:36:46 System Checkpoint
17-11-2014 21:28:21 System Checkpoint
18-11-2014 23:17:34 Removed AVG 2015
18-11-2014 23:19:25 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 05:00 - 2011-07-18 22:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\AVG_REG_0214c.job => C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
Task: C:\WINDOWS\Tasks\AVG_REG_1113a.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Dad.job => C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\_OTL\MovedFiles\09242013_010637\C_Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-09 22:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-09 22:00 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-09 22:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-09 22:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-08-28 08:13 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 08:13 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 08:13 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-28 08:13 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-28 08:13 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-18 17:33 - 2014-11-13 20:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-2250449246-3165194149-3948157566-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2250449246-3165194149-3948157566-1018 - Limited - Enabled)
Compaq_Administrator (S-1-5-21-2250449246-3165194149-3948157566-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Administrator
Dad (S-1-5-21-2250449246-3165194149-3948157566-1016 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad.YOUR-4DACD0EA75
Guest (S-1-5-21-2250449246-3165194149-3948157566-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2250449246-3165194149-3948157566-1006 - Limited - Disabled)
lexie (S-1-5-21-2250449246-3165194149-3948157566-1015 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\lexie
MOM (S-1-5-21-2250449246-3165194149-3948157566-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MOM
SUPPORT_388945a0 (S-1-5-21-2250449246-3165194149-3948157566-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-2250449246-3165194149-3948157566-1005 - Limited - Disabled)
UpdatusUser (S-1-5-21-2250449246-3165194149-3948157566-1017 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 07:42:24 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

Error: (11/18/2014 07:42:24 PM) (Source: MSDTC Client) (EventID: 4427) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2948
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (11/17/2014 06:47:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/15/2014 10:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgui.exe, version 14.0.0.4765, faulting module avgui.exe, version 14.0.0.4765, fault address 0x002196ba.
Processing media-specific event for [avgui.exe!ws!]

Error: (11/10/2014 08:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.3.5422, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/04/2014 08:24:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/04/2014 08:24:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2014 06:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/01/2014 06:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/01/2014 05:38:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/18/2014 05:03:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/18/2014 05:01:25 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.4 for the Network Card with network address 001C10E3BFC0 has been
denied by the DHCP server 192.168.223.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/18/2014 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (11/18/2014 10:29:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2

Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/18/2014 10:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2014 09:59:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (06/11/2010 07:01:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.100000

Error: (01/29/2010 11:04:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000304903120

Error: (09/07/2009 01:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6215.1000440


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 Processor 3500+
Percentage of memory in use: 81%
Total physical RAM: 702.48 MB
Available physical RAM: 126.67 MB
Total Pagefile: 1335.42 MB
Available Pagefile: 690.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.92 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:140.47 GB) (Free:57.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (PRESARIO_RP) (Fixed) (Total:8.56 GB) (Free:0.58 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DB5CA2A0)
Partition 1: (Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.6 GB) - (Type=0C)

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-18 19:53:31
-----------------------------
19:53:31.750 OS Version: Windows 5.1.2600 Service Pack 3
19:53:31.750 Number of processors: 1 586 0x4F02
19:53:31.750 ComputerName: YOUR-4DACD0EA75 UserName: Dad
19:53:32.125 Initialize success
19:53:32.218 VM: initialized successfully
19:53:32.218 VM: Amd CPU virtualization not supported
19:57:34.093 AVAST engine defs: 14111802
20:49:24.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
20:49:24.828 Disk 0 Vendor: ST316081 3.AH Size: 152627MB BusType: 3
20:49:25.062 Disk 0 MBR read successfully
20:49:25.062 Disk 0 MBR scan
20:49:26.218 Disk 0 unknown MBR code
20:49:26.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143839 MB offset 63
20:49:26.265 Disk 0 unknown boot code
20:49:27.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8777 MB offset 294599970
20:49:27.562 Disk 0 statistics 287/0/0 @ 0.90 MB/s
20:49:27.578 Scan finished successfully
20:50:16.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\MBR.dat"
20:50:16.546 The log file has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\aswMBR.txt"

Juliet
2014-11-20, 13:16
YTD Video Downloader 4.7.4
Please remove the above through your add/remove programs list, then reboot.

~~~~~~~~~~~~

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Backup Opera Bookmarks (http://www.howtogeek.com/136116/how-to-easily-back-up-and-migrate-your-browser-bookmarks/) (scroll down)


Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
Opera: How to perform a clean reinstall of Opera (http://my.opera.com/spadija/blog/2011/10/17/how-to-perform-a-really-clean-reinstall-of-opera)

~~~~~~~~~~~~~~~~~~~

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).



start
CloseProcesses:
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (https://malwarebytes.app.box.com/s/xiaxsbl4cjdyyqx5wp8q) to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder and paste the content of the following files in your next reply:

"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"



Please post:
Fixlog.txt
Malwarebytes Anti-Rootkit log

speedinc
2014-11-22, 06:59
Guess we're good. Here's the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Ran by Dad at 2014-11-21 15:46:19 Run:2
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop
Loaded Profile: Dad (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

"HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main -> Listing permissions failed. Key not found.
HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

"HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main -> Listing permissions failed. Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aacbndibbcpajfgnkdkaakeiojmmgmnk" => Key deleted successfully.
"C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => Key deleted successfully.
"C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje" => Key deleted successfully.
"C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx" => File/Directory not found.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":581B0446" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":6F1F66C0" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8CE646EE" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BED8A204" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F085C8A1" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 27.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.204000 GHz
Memory total: 736608256, free: 92344320

Downloaded database version: v2014.11.21.11
Downloaded database version: v2014.11.21.01
=======================================
Initializing...
------------ Kernel report ------------
11/21/2014 16:20:11
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff83462ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\
Lower Device Object: 0xffffffff8336aa38
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff83462ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff83462890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff83462ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff83431920, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8336aa38, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\WINDOWS\system32\drivers\103C_HP_CPC_RE473AA-ABA SR2020NX NA680_YC_0Pres_QCNH634_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M447_J40_7AMD_8Athlon 64_92.2_#070103_N_Z14F12F20_G10DE0241.MRK" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\103C_HP_CPC_RE473AA-ABA SR2020NX NA680_YC_0Pres_QCNH634_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M447_J40_7AMD_8Athlon 64_92.2_#070103_N_Z14F12F20_G10DE0241.MRK" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\HSFProf.cty" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HSFProf.cty" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DB5CA2A0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 294583842
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 294599970 Numsec = 17976735

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
File "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\IETldCache\index.dat" is compressed (flags = 1)
Scan finished

Juliet
2014-11-22, 14:19
Please follow the link below and instructions to see which version of Java you have on the machine.
https://www.java.com/en/download/installed.jsp


********
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


***************************************

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

speedinc
2014-11-22, 23:52
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2014
Scan Time: 1:22:22 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.22.11
Rootkit Database: v2014.11.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 575299
Time Elapsed: 44 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


C:\AdwCleaner\Backup\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs_23_09_2013_01_58_20.js JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\AdwCleaner\Backup\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs_24_09_2013_23_24_34.js JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\user.js.vir JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe Win32/InstallMonetizer.AZ potentially unwanted application deleted - quarantined
E:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined
E:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined

Juliet
2014-11-23, 01:40
Looks good just 1 file to remove

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Ready to remove tools and quarantine folders?

speedinc
2014-11-23, 18:49
Oh Wow. I removed some of the tools I had to download already!:sad:
I added an anti-virus program (AVAST) but the stupid thing added links to Amazon and E-bay to my browser!:mad:
Do I have to uninstall and reinstall the browser again to get rid of those links?

here's the fixit log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Dad at 2014-11-23 09:22:26 Run:4
Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop
Loaded Profiles: Dad & UpdatusUser (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe
End
*****************

Processes closed successfully.
"C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

Juliet
2014-11-23, 23:19
"I added an anti-virus program (AVAST) but the stupid thing added links to Amazon and E-bay to my browser"
Have you run another tool and this showed up?

I haven't heard of this coming in Avast before.
First, look through your add/remove programs list for items you don't want and can be removed this way.

Juliet
2014-12-20, 16:38
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.