delgadob
2015-04-28, 20:21
Admin Edit
Helpers please see original topic in Spybot Forum for background: http://forums.spybot.info/showthread.php?72288-Virus-not-removed (http://forums.spybot.info/showthread.php?72288-Virus-not-removed&p=463826#post463826)
Hello,
With my deepest and sincere thanks for the continued help, here are the two files requested:
FYI: because of work I will not be able to do anything with your reply until I come back in the country, this coming Monday.
Bert
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Bert Delgado (administrator) on BERT-PNGR3X4VZS on 28-04-2015 12:55:47
Running from C:\Documents and Settings\Bert Delgado\Desktop
Loaded Profiles: Bert Delgado & UpdatusUser (Available profiles: Bert Delgado & UpdatusUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\wwDisp.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-02-10] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-07-06] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-03-16] (SlySoft, Inc.)
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\...\Run: [Window Washer] => C:\Program Files\Webroot\Washer\wwDisp.exe [1206600 2007-11-26] (Webroot Software, Inc.)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2015-02-03]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-04-10] ()
Startup: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-04-08] ()
Startup: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-04-08] ()
InternetURL: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/w22L89
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-2052111302-1844823847-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: [S-1-5-21-2052111302-1844823847-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://start.mysearchdial.com/?f=2&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtAzz0FyEtD0E0BtA0AyEtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtD0Azyzz0DtCtDtGyEzytAtCtG0FtCtDzytG0FyBzyzytGtDtBzz0FyE0CtDyBtCzzyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyD0A0B0DtGyDzy0FzytGtAyDtBzztGtCtCyDyCtGtBtBtD0D0F0FyCyEtDtBtAtA2Q&cr=2116146364&ir=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtAzz0FyEtD0E0BtA0AyEtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtD0Azyzz0DtCtDtGyEzytAtCtG0FtCtDzytG0FyBzyzytGtDtBzz0FyE0CtDyBtCzzyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyD0A0B0DtGyDzy0FzytGtAyDtBzztGtCtCyDyCtGtBtBtD0D0F0FyCyEtDtBtAtA2Q&cr=2116146364&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtAzz0FyEtD0E0BtA0AyEtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtD0Azyzz0DtCtDtGyEzytAtCtG0FtCtDzytG0FyBzyzytGtDtBzz0FyE0CtDyBtCzzyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyD0A0B0DtGyDzy0FzytGtAyDtBzztGtCtCyDyCtGtBtBtD0D0F0FyCyEtDtBtAtA2Q&cr=2116146364&ir=
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2052111302-1844823847-839522115-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2052111302-1844823847-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {88D969C0-F192-11D4-A65F-0040963251E5}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll [2010-07-23] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2009-12-22] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2009-12-22] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7D9F5F49-792D-48DB-B06D-40B2FEC575DE}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8A5DC270-247A-47FB-A09B-EFD985D737CD}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DC541A91-99C3-44B3-94D3-5E99E0F827DA}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F5812AE9-20E0-4616-A8F8-7A320CAA4AF8}: [NameServer] 8.8.8.8,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-25] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2015-02-03] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\searchplugins\yahoo-msd.xml [2014-08-07]
FF Extension: Logitech Device Detection - C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\Extensions\DeviceDetection@logitech.com [2011-10-12]
FF Extension: DownloadHelper - C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-06]
FF Extension: Quiknowledge - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com [2014-03-25]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!vitruvian-autoenable.js [2014-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js [2014-03-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\vitruvian-autoenable.cfg [2014-03-25] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-10-27] (Alcatel-Lucent) [File not signed]
S4 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [291064 2011-01-25] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [254036 2009-03-12] (IDT, Inc.)
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S2 bomgar-scc-1232383495; "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4974AE05\bomgar-scc.exe" -service:run [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [X]
S2 qksvc; "C:\Program Files\Quiknowledge\Service\qksvc.exe" [X]
S4 RumorServer; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
S3 basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 colormunki; C:\WINDOWS\System32\Drivers\colormunki.sys [29184 2007-10-02] (Thesycon GmbH, Germany)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R2 Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-22] (HP)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-04-26] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
S3 i1display; C:\WINDOWS\System32\Drivers\i1display.sys [44344 2004-10-15] ()
R2 K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123712 2012-01-17] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-01-23] (PalmSource, Inc.)
R2 PDIHWCTL; C:\WINDOWS\system32\drivers\pdihwctl.sys [14416 2006-05-11] (Portrait Displays, Inc.) [File not signed]
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
S3 Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R1 sf; C:\WINDOWS\System32\drivers\sf.sys [33248 2003-05-09] (Sonic Focus, Inc)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2003-10-14] (Intel Corporation) [File not signed]
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1550613 2009-03-12] (IDT, Inc.)
R2 Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
R2 V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [488383 2001-08-17] (Conexant)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\BERTDE~1\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\BERTDE~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\BERTDE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [X]
S3 GearAspiWDM; system32\drivers\gearaspiwdm.sys [X]
S4 IntelIde; No ImagePath
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 Upcsnrvaouid; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 12:55 - 2015-04-28 12:56 - 00020243 _____ () C:\Documents and Settings\Bert Delgado\Desktop\FRST.txt
2015-04-28 12:53 - 2015-04-28 12:55 - 00000000 ____D () C:\FRST
2015-04-28 12:52 - 2015-04-28 12:52 - 01140736 _____ (Farbar) C:\Documents and Settings\Bert Delgado\Desktop\FRST.exe
2015-04-28 12:50 - 2015-04-28 12:50 - 00000000 ____D () C:\RegBackup
2015-04-28 12:49 - 2015-04-28 12:49 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-28 12:49 - 2015-04-28 12:49 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-04-28 12:49 - 2015-04-28 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2015-04-28 12:44 - 2015-04-28 12:44 - 04720448 _____ () C:\Documents and Settings\Bert Delgado\Desktop\tweaking.com_registry_backup_setup.exe
2015-04-28 12:30 - 2015-04-28 12:28 - 00000162 _____ () C:\Documents and Settings\Bert Delgado\Desktop\-BEFORE You POST-(Please read this Procedure Before Requesting Assistance)- Updated.url
2015-04-21 13:28 - 2015-04-21 13:28 - 02986038 _____ () C:\Documents and Settings\Bert Delgado\Desktop\virus-002.bmp
2015-04-21 13:27 - 2015-04-21 13:27 - 02986038 _____ () C:\Documents and Settings\Bert Delgado\Desktop\Virus-001.bmp
2015-04-21 13:26 - 2015-04-21 13:26 - 00001515 _____ () C:\Documents and Settings\Bert Delgado\Desktop\Paint.lnk
2015-04-21 13:21 - 2015-04-08 14:01 - 00001512 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-132100.backup
2015-04-21 13:12 - 2015-04-21 13:12 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\My Documents\ProcAlyzer Dumps
2015-04-21 12:36 - 2015-04-08 14:01 - 00001512 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-123648.backup
2015-04-20 12:27 - 2015-04-28 12:26 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-04-20 12:27 - 2015-04-20 12:27 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-20 12:27 - 2015-04-20 12:27 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-04-20 12:27 - 2015-04-20 12:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-20 12:27 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-04-20 11:53 - 2015-04-20 11:53 - 00275982 _____ () C:\Documents and Settings\All Users\Application Data\1429545111.bdinstall.bin
2015-04-20 11:53 - 2015-04-20 11:53 - 00049283 _____ () C:\Documents and Settings\All Users\Application Data\1429545211.bdinstall.bin
2015-04-20 11:53 - 2015-04-20 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2015-04-11 11:00 - 2015-04-11 11:00 - 00000385 _____ () C:\Documents and Settings\Bert Delgado\Application Datauser_gensett.xml
2015-04-11 10:38 - 2015-04-11 10:38 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2015-04-11 10:34 - 2015-04-11 10:34 - 00001861 _____ () C:\Documents and Settings\All Users\Desktop\HP Officejet 6700.lnk
2015-04-11 10:34 - 2015-04-11 10:34 - 00001639 _____ () C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6700.lnk
2015-04-11 10:34 - 2015-04-11 10:34 - 00000869 _____ () C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6700.lnk
2015-04-11 10:34 - 2011-09-09 15:53 - 00544616 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM5C12.dll
2015-04-11 10:27 - 2015-04-11 10:27 - 00000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2015-04-10 16:27 - 2015-04-10 16:27 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2015-04-10 16:18 - 2015-04-10 16:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2015-04-10 16:16 - 2015-04-10 16:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2015-04-10 16:16 - 2015-04-10 16:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BDLogging
2015-04-10 16:16 - 2015-04-10 16:16 - 00004303 _____ () C:\WINDOWS\Wdf01009Inst.log
2015-04-10 16:16 - 2015-04-10 16:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2015-04-10 16:16 - 2015-04-10 16:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-10 16:16 - 2009-07-14 12:27 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-04-10 16:16 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-04-10 16:15 - 2015-04-10 16:29 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin.dll
2015-04-10 16:15 - 2014-12-02 13:37 - 00026624 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuh.dll
2015-04-10 16:15 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2015-04-10 16:07 - 2015-04-10 16:07 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\QuickScan
2015-04-10 16:05 - 2015-04-20 12:10 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-10 15:56 - 2015-04-13 13:51 - 00000000 ____D () C:\WINDOWS\FrameworkUpdate
2015-04-10 15:56 - 2015-04-10 15:56 - 00000480 ____H () C:\Documents and Settings\Bert Delgado\Application Data\麽鎒駓覜
2015-04-10 15:53 - 2015-04-20 11:53 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-08 15:07 - 2015-04-08 15:07 - 00023040 _____ () C:\Documents and Settings\Bert Delgado\Application Data\~uTorrentPartFile_4985C65.dat
2015-04-08 14:57 - 2015-04-20 11:52 - 00024346 _____ () C:\WINDOWS\setupapi.log
2015-04-08 14:57 - 2015-04-09 08:38 - 00000925 _____ () C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
2015-04-08 14:57 - 2015-04-08 14:57 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\VS Revo Group
2015-04-08 14:56 - 2015-04-09 08:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2015-04-08 14:56 - 2015-04-08 14:56 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-08 14:56 - 2015-04-08 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2015-04-08 14:56 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-04-08 14:43 - 2015-04-08 14:44 - 00033751 _____ () C:\WINDOWS\ie8Uninst.log
2015-04-08 14:43 - 2015-04-08 14:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-08 14:02 - 2015-04-08 14:02 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-04-08 13:02 - 2015-04-08 13:03 - 00000030 _____ () C:\Documents and Settings\Bert Delgado\„…†‡ˆ‰Š‹ŒŽ‘’“Ù
2015-04-01 13:40 - 2015-04-10 15:59 - 00002698 _____ () C:\WINDOWS\wininit.ini
2015-04-01 13:33 - 2015-04-01 13:33 - 00008572 _____ () C:\HELP_DECRYPT.HTML
2015-04-01 13:33 - 2015-04-01 13:33 - 00004226 _____ () C:\HELP_DECRYPT.TXT
2015-04-01 13:33 - 2015-04-01 13:33 - 00000276 _____ () C:\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\UpdatusUser\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\UpdatusUser\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\UpdatusUser\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\My Documents\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\UpdatusUser\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\UpdatusUser\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\My Documents\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\HELP_DECRYPT.URL
2015-04-01 13:30 - 2015-04-01 13:30 - 00008572 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\HELP_DECRYPT.HTML
2015-04-01 13:30 - 2015-04-01 13:30 - 00008572 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:30 - 2015-04-01 13:30 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\HELP_DECRYPT.TXT
2015-04-01 13:30 - 2015-04-01 13:30 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:30 - 2015-04-01 13:30 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\HELP_DECRYPT.URL
2015-04-01 13:30 - 2015-04-01 13:30 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-01 13:25 - 2015-04-01 13:25 - 00008572 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:25 - 2015-04-01 13:25 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:25 - 2015-04-01 13:25 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.URL
2015-04-01 13:10 - 2015-04-01 13:10 - 00008572 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-04-01 13:10 - 2015-04-01 13:10 - 00008572 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:10 - 2015-04-01 13:10 - 00004226 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-04-01 13:10 - 2015-04-01 13:10 - 00004226 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:10 - 2015-04-01 13:10 - 00000276 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-04-01 13:10 - 2015-04-01 13:10 - 00000276 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-04-01 11:45 - 2015-04-10 16:26 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{DAAC48D9-7CDE-44F3-8A98-4C1BDFAACBA7}
2015-04-01 11:45 - 2015-04-01 11:45 - 00408600 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\cvzhqkiqij.dat
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 12:56 - 2015-02-03 13:12 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\temp
2015-04-28 12:50 - 2008-12-31 11:12 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-28 12:50 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\repair
2015-04-28 12:32 - 2012-05-07 10:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-28 12:26 - 2003-03-31 08:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-28 12:25 - 2010-04-10 12:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 12:25 - 2008-12-31 11:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-28 12:25 - 2008-12-31 06:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-28 12:25 - 2008-12-31 06:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-27 12:41 - 2008-12-31 12:16 - 01359066 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 12:41 - 2008-12-31 11:39 - 00000178 ___SH () C:\Documents and Settings\Bert Delgado\ntuser.ini
2015-04-27 12:41 - 2008-12-31 11:23 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-26 12:20 - 2010-04-10 12:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 13:19 - 2014-07-22 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-04-21 13:12 - 2008-12-31 06:00 - 00000361 __RSH () C:\boot.ini
2015-04-21 12:32 - 2014-07-22 11:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-20 11:50 - 2010-10-09 11:03 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\HpUpdate
2015-04-15 09:11 - 2009-02-24 08:35 - 00000000 __SHD () C:\WINDOWS\CSC
2015-04-15 08:55 - 2012-05-07 10:47 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 08:55 - 2011-05-13 18:55 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 08:55 - 2009-01-05 14:52 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Adobe
2015-04-11 11:00 - 2008-12-31 11:39 - 00000000 ____D () C:\Documents and Settings\Bert Delgado
2015-04-11 10:41 - 2008-12-31 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-04-11 10:41 - 2008-12-31 14:07 - 00000000 ____D () C:\Program Files\HP
2015-04-11 10:31 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\twain_32
2015-04-11 10:28 - 2009-03-15 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-04-11 10:25 - 2009-11-05 16:29 - 00195248 ____C () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2015-04-11 10:25 - 2008-12-31 15:07 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HP
2015-04-11 10:13 - 2015-03-18 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-04-10 16:31 - 2015-02-03 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2015-04-10 16:31 - 2015-02-03 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2015-04-10 16:31 - 2015-02-03 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-04-10 16:31 - 2015-02-03 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2015-04-10 16:31 - 2015-02-03 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2015-04-10 16:31 - 2015-02-03 14:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-04-10 16:31 - 2015-02-03 14:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
2015-04-10 16:31 - 2015-02-03 14:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-04-10 16:31 - 2015-02-03 14:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-04-10 16:31 - 2015-02-03 14:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2015-04-10 16:31 - 2015-02-03 14:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2015-04-10 16:31 - 2015-02-03 14:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB963093$
2015-04-10 16:31 - 2015-02-03 14:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-04-10 16:31 - 2015-02-03 14:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-04-10 16:31 - 2015-02-03 14:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-04-10 16:31 - 2015-02-03 14:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2015-04-10 16:31 - 2015-02-03 14:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-04-10 16:31 - 2015-02-03 14:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2015-04-10 16:31 - 2015-02-03 14:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-04-10 16:31 - 2015-02-03 14:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2015-04-10 16:31 - 2015-02-03 14:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2015-04-10 16:31 - 2015-02-03 14:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-10 16:31 - 2015-02-03 14:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-04-10 16:31 - 2015-02-03 14:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-04-10 16:31 - 2015-02-03 14:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2015-04-10 16:31 - 2015-02-03 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-04-10 16:31 - 2015-02-03 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2015-04-10 16:31 - 2015-02-03 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-04-10 16:31 - 2015-02-03 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2015-04-10 16:31 - 2015-02-03 13:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-04-10 16:31 - 2014-03-25 12:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2015-04-10 16:31 - 2010-04-19 11:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2015-04-10 16:31 - 2010-03-25 10:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB940157$
2015-04-10 16:31 - 2010-03-25 10:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB915800-v4$
2015-04-10 16:31 - 2010-02-18 10:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2015-04-10 16:31 - 2010-02-18 10:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971737$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978262$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978207$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB976098-v2$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960225$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB967715$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961501$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB939683$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970238$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960803$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951748$
2015-04-10 16:31 - 2010-02-16 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2015-04-10 16:31 - 2010-02-16 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973815$
2015-04-10 16:31 - 2010-02-16 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2015-04-10 16:31 - 2010-02-16 11:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978251$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973687$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973354$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB929399$
2015-04-10 16:31 - 2010-02-16 11:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971486$
2015-04-10 16:31 - 2010-02-16 11:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954154_WM11$
2015-04-10 16:31 - 2010-02-16 11:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971961$
2015-04-10 16:31 - 2010-02-16 11:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969947$
2015-04-10 16:31 - 2010-02-16 11:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2015-04-10 16:31 - 2010-02-15 18:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960714$
2015-04-10 16:31 - 2010-02-15 18:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644$
2015-04-10 16:31 - 2010-02-15 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958215$
2015-04-10 16:31 - 2010-02-15 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957097$
2015-04-10 16:31 - 2010-02-15 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957095$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956841$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069$
2015-04-10 16:31 - 2010-02-15 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954600$
2015-04-10 16:31 - 2010-02-15 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954211$
2015-04-10 16:31 - 2010-02-15 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951698$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951066$
2015-04-10 16:31 - 2010-02-15 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2015-04-10 16:31 - 2010-02-15 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2015-04-10 16:31 - 2010-02-15 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2015-04-10 16:31 - 2010-02-15 18:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB938464$
2015-04-10 16:31 - 2010-02-15 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2015-04-10 16:31 - 2009-03-24 16:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-04-10 16:31 - 2009-03-24 15:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwmp11$
2015-04-10 16:31 - 2009-03-22 15:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926239$
2015-04-10 16:31 - 2009-03-22 15:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2015-04-10 16:31 - 2009-03-22 15:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWudf01000$
2015-04-10 16:31 - 2009-01-17 13:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB916089$
2015-04-10 16:31 - 2009-01-03 12:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWIC$
2015-04-10 16:31 - 2009-01-02 10:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB941569$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803_0$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955839$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954_0$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952069_WM9$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2_0$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958215_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957095_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956391$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954211_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951698_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB885626$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960714_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957097_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956841_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954600_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951066_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB938464_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB944338-v2$
2015-04-10 16:31 - 2008-12-31 12:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB898461$
2015-04-10 16:31 - 2008-12-31 11:13 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-04-10 16:17 - 2009-03-22 15:18 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-04-10 16:16 - 2015-02-03 14:19 - 00252095 _____ () C:\WINDOWS\iis6.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00234946 _____ () C:\WINDOWS\FaxSetup.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00112328 _____ () C:\WINDOWS\ocgen.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00107199 _____ () C:\WINDOWS\tsoc.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00078181 _____ () C:\WINDOWS\comsetup.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00071090 _____ () C:\WINDOWS\msmqinst.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00047367 _____ () C:\WINDOWS\ntdtcsetup.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00041154 _____ () C:\WINDOWS\netfxocm.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00016150 _____ () C:\WINDOWS\MedCtrOC.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00012996 _____ () C:\WINDOWS\ocmsn.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00011818 _____ () C:\WINDOWS\tabletoc.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00011742 _____ () C:\WINDOWS\msgsocm.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00001802 _____ () C:\WINDOWS\setupact.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-04-10 16:03 - 2008-12-31 11:23 - 00000178 __SHC () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-10 15:55 - 2008-12-31 12:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2015-04-08 16:13 - 2011-10-21 15:05 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-08 15:07 - 2008-12-31 14:05 - 00000000 ___SD () C:\Documents and Settings\Bert Delgado\UserData
2015-04-08 14:47 - 2008-12-31 11:39 - 00000803 _____ () C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Internet Explorer.lnk
2015-04-08 14:47 - 2008-12-31 11:39 - 00000000 ___RD () C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Accessories
2015-04-08 14:46 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\Help
2015-04-08 14:44 - 2015-02-03 14:19 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2015-04-08 14:44 - 2014-03-25 12:41 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-04-08 14:43 - 2015-02-03 14:26 - 00021426 _____ () C:\WINDOWS\updspapi.log
2015-04-08 14:43 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\Media
2015-04-08 14:33 - 2003-03-31 08:00 - 00000655 _____ () C:\WINDOWS\win.ini
2015-04-08 14:33 - 2003-03-31 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-08 14:25 - 2009-01-06 08:27 - 00000000 ____D () C:\WINDOWS\pss
2015-04-08 14:23 - 2008-12-31 06:01 - 03915056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-08 14:18 - 2015-02-03 14:01 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\WinZip
2015-04-08 14:18 - 2011-10-19 13:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
2015-04-08 14:06 - 2013-12-18 17:35 - 00000000 ____D () C:\Program Files\iYogi Support Dock
2015-04-01 13:54 - 2015-02-03 13:25 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\AVAST Software
2015-04-01 13:54 - 2015-02-03 13:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-04-01 13:51 - 2010-01-03 11:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Temp
2015-04-01 13:32 - 2015-02-03 13:03 - 00000000 ____D () C:\Qoobox
2015-04-01 13:32 - 2009-01-05 14:06 - 00000000 ____D () C:\PhSp_CS2_UE_Upg
2015-04-01 13:31 - 2013-02-13 12:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2015-04-01 13:31 - 2012-02-22 12:14 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Application Data\Adobe
2015-04-01 13:31 - 2010-09-03 14:39 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
2015-04-01 13:31 - 2010-02-15 17:23 - 00000000 ____D () C:\Intel
2015-04-01 13:31 - 2009-12-11 13:29 - 00000000 ____D () C:\FW_UP_DW552G
2015-04-01 13:31 - 2009-12-09 22:23 - 00000000 ____D () C:\FW_UP_DW
2015-04-01 13:31 - 2009-01-19 12:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Ipswitch
2015-04-01 13:31 - 2008-12-31 11:23 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-01 13:30 - 2010-09-03 15:14 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\My Documents\My Scans
2015-04-01 13:30 - 2009-01-26 09:29 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Nero
2015-04-01 13:30 - 2008-12-31 15:58 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Thunderbird
2015-04-01 13:30 - 2008-12-31 12:49 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\My Documents\CCWin
2015-04-01 13:29 - 2008-12-31 15:54 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Mozilla
2015-04-01 13:27 - 2010-01-03 11:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Google
2015-04-01 13:27 - 2009-03-06 10:08 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Desktop\ICONS
2015-04-01 13:27 - 2009-01-01 14:57 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Ahead
2015-04-01 13:27 - 2008-12-31 18:00 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Corel
2015-04-01 13:25 - 2011-05-05 19:24 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\PocketWizard
2015-04-01 13:25 - 2011-01-17 21:22 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\X-Rite
2015-04-01 13:25 - 2009-01-06 15:02 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Sun
2015-04-01 13:25 - 2009-01-02 15:15 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Skype
2015-04-01 13:25 - 2008-12-31 15:58 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Thunderbird
2015-04-01 13:24 - 2011-02-25 16:51 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\iYogi Optimize
2015-04-01 13:24 - 2009-06-04 12:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Nero
2015-04-01 13:24 - 2009-05-08 09:51 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\onOne Software
2015-04-01 13:24 - 2009-03-15 14:51 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\HP
2015-04-01 13:24 - 2009-03-15 10:28 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Image Zone Express
2015-04-01 13:24 - 2009-01-05 12:43 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Ipswitch
2015-04-01 13:24 - 2009-01-01 15:33 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Intuit
2015-04-01 13:24 - 2008-12-31 15:54 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Mozilla
2015-04-01 13:24 - 2008-12-31 14:49 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Corel
2015-04-01 13:22 - 2010-07-16 19:39 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-04-01 13:16 - 2011-11-11 16:59 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\advfn
2015-04-01 13:16 - 2010-06-11 13:04 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Aura4You
2015-04-01 13:16 - 2010-06-11 12:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Aura YouTube Downloader
2015-04-01 13:16 - 2009-01-11 15:03 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Backup MyPC
2015-04-01 13:16 - 2008-12-31 13:10 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Adobe
2015-04-01 13:10 - 2008-12-31 11:13 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2015-04-01 13:09 - 2009-01-02 15:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-04-01 13:08 - 2013-07-10 10:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iyogi-scc-51DD70F9
2015-04-01 13:08 - 2013-07-10 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iyogi-scc-51DD6C36
2015-04-01 13:08 - 2010-07-16 19:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Motive
2015-04-01 13:08 - 2010-01-28 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2015-04-01 13:08 - 2009-01-05 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ipswitch
2015-04-01 13:08 - 2009-01-01 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2015-04-01 13:08 - 2008-12-31 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Logishrd
2015-04-01 13:08 - 2008-12-31 14:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Macrovision
2015-04-01 13:07 - 2010-03-16 11:59 - 00000000 ____D () C:\ATI
2015-04-01 13:07 - 2009-05-07 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FLEXnet
2015-04-01 13:07 - 2009-01-01 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2015-04-01 13:07 - 2008-12-31 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Corel
2015-04-01 13:07 - 2008-12-31 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intuit
2015-04-01 13:05 - 2015-02-03 12:48 - 00000000 ____D () C:\AdwCleaner
==================== Files in the root of some directories =======
2010-09-19 16:14 - 2010-10-13 12:26 - 0000132 ____C () C:\Documents and Settings\Bert Delgado\Application Data\Adobe BMP Format CS5 Prefs
2010-08-24 11:18 - 2010-09-19 17:03 - 0000132 ____C () C:\Documents and Settings\Bert Delgado\Application Data\Adobe GIF Format CS5 Prefs
2010-10-20 20:28 - 2010-10-22 10:40 - 0000132 ____C () C:\Documents and Settings\Bert Delgado\Application Data\Adobe PNG Format CS5 Prefs
2010-10-08 19:15 - 2011-06-02 14:42 - 0001118 ____C () C:\Documents and Settings\Bert Delgado\Application Data\ConvAPIPlugin.log
2009-01-04 12:52 - 2009-01-04 12:52 - 0000085 ____C () C:\Documents and Settings\Bert Delgado\Application Data\default.pls
2009-01-26 09:29 - 2013-12-21 10:51 - 0000180 ____C () C:\Documents and Settings\Bert Delgado\Application Data\default.rss
2009-05-17 11:35 - 2009-05-17 11:35 - 0000000 ____C () C:\Documents and Settings\Bert Delgado\Application Data\downloads.m3u
2015-04-01 13:25 - 2015-04-01 13:25 - 0008572 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:25 - 2015-04-01 13:25 - 0045592 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.PNG
2015-04-01 13:25 - 2015-04-01 13:25 - 0004226 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:25 - 2015-04-01 13:25 - 0000276 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.URL
2009-07-26 09:13 - 2009-07-26 09:13 - 0000000 ____C () C:\Documents and Settings\Bert Delgado\Application Data\IVOPEN.$$$
2009-01-01 12:05 - 2009-01-01 12:05 - 0012358 ____C () C:\Documents and Settings\Bert Delgado\Application Data\PFP120JCM.{PB
2009-01-01 12:05 - 2009-01-01 12:05 - 0061678 ____C () C:\Documents and Settings\Bert Delgado\Application Data\PFP120JPR.{PB
2014-09-29 11:50 - 2014-09-29 11:50 - 0000043 _____ () C:\Documents and Settings\Bert Delgado\Application Data\WB.CFG
2015-04-08 15:07 - 2015-04-08 15:07 - 0023040 _____ () C:\Documents and Settings\Bert Delgado\Application Data\~uTorrentPartFile_4985C65.dat
2015-04-10 15:56 - 2015-04-10 15:56 - 0000480 ____H () C:\Documents and Settings\Bert Delgado\Application Data\麽鎒駓覜
2015-04-01 11:45 - 2015-04-01 11:45 - 0000032 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\bnjrqrcrev.png
2015-04-01 11:45 - 2015-04-01 11:45 - 0408600 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\cvzhqkiqij.dat
2009-11-06 15:55 - 2014-09-29 11:42 - 0108544 ____C () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-05 16:28 - 2009-11-05 16:28 - 0000135 ____C () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\fusioncache.dat
2015-04-01 13:30 - 2015-04-01 13:30 - 0008572 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:30 - 2015-04-01 13:30 - 0045592 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-04-01 13:30 - 2015-04-01 13:30 - 0004226 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:30 - 2015-04-01 13:30 - 0000276 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-01 11:47 - 2015-04-01 11:47 - 0000000 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\osuxguttxq.png
2008-02-05 14:28 - 2008-02-05 14:28 - 0000336 ____N () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\setup.txt
2014-01-17 10:07 - 2014-04-19 09:38 - 0000000 ____C () C:\Documents and Settings\All Users\Drwtsn32.log~~Drwtsn32.log~~.txt
2015-04-01 13:10 - 2015-04-01 13:10 - 0008572 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-04-01 13:10 - 2015-04-01 13:10 - 0045592 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-04-01 13:10 - 2015-04-01 13:10 - 0004226 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-04-01 13:10 - 2015-04-01 13:10 - 0000276 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
Files to move or delete:
====================
C:\Documents and Settings\Bert Delgado\Application DatadMb.dat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
ADDITION.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2015 01
Ran by Bert Delgado at 2015-04-28 12:56:36
Running from C:\Documents and Settings\Bert Delgado\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2052111302-1844823847-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-2052111302-1844823847-839522115-1005 - Limited - Enabled)
Bert Delgado (S-1-5-21-2052111302-1844823847-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bert Delgado
Guest (S-1-5-21-2052111302-1844823847-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2052111302-1844823847-839522115-1000 - Limited - Disabled)
McAfeeMVSUser (S-1-5-21-2052111302-1844823847-839522115-1004 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-2052111302-1844823847-839522115-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-2052111302-1844823847-839522115-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.9.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{1829AFBC-19F5-B1FE-73B1-30FF9DA49062}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DDC Driver 1.5 (HKLM\...\DDC Driver_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.07 - Piriform)
Diamond Drivers 6.3 XP Installation (HKLM\...\{F29242D3-F00D-4A32-904D-5C7F191B766E}) (Version: 6.30.0000 - Diamond Multimedia)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
Freemake Video Converter version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{6B7C73A0-07C7-4C06-A13C-48108D39CF03}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
hp print screen utility (HKLM\...\hp print screen utility) (Version: - )
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.20001.0 - IDT)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
InstallIQ Updater (HKLM\...\{294A2E0E-3A0B-4D1F-8282-11DEF2040227}) (Version: 1.4.2.0 - W3i, LLC)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel(R) Network Connections 14.8.43.0 (HKLM\...\{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}) (Version: 14.8.43.0 - Intel)
Intellihance Pro 4.0 (HKLM\...\{32C7FDDF-8D18-4B29-B81A-CDA512093274}) (Version: 4.0 - onOne Software)
Ipswitch WS_FTP Professional 2007 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.0.0.0 - Ipswitch)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
McAfee Browser Protection Service (HKLM\...\McAfeeBrowserProtection) (Version: 5.2.1.114 - McAfee, Inc.) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{c600e295-bd29-48f7-8656-36659fef96a5}) (Version: - Nero AG)
NetZero For Riverdeep (HKLM\...\{B09603CB-1737-48A6-8A53-F7B043CFCF40}) (Version: 1.0.2 - NetZero, Inc.)
Nmap 5.51 (HKLM\...\Nmap) (Version: - )
Nuance PDF Create! 5 (HKLM\...\{851DE017-C00B-4A50-B413-4C05740AF56E}) (Version: 5.20.3200 - Nuance Communications, Inc)
NVIDIA Graphics Driver 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA nView 136.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.18 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - )
QBIDPServiceInstall (HKLM\...\{C639494E-FAF1-47FB-9EB3-AA296040F456}) (Version: 1.23.4003 - Intuit, Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Scansoft PDF Create (Version: - ) Hidden
SDK (Version: 1.40.002 - Portrait Displays, Inc.) Hidden
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
Smart FLV Converter Pro 3.3.2.46 (HKLM\...\Smart FLV Converter Pro_is1) (Version: 3.3.2.46 - SmartSoft, Ltd.)
Sorenson Squeeze 4.3 (Version: 4.3.1 - Sorenson Media) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
UninstallDeviceDll 1.1 (HKLM\...\UninstallDeviceDll_is1) (Version: - X-Rite)
update (Version: 2.00.0000 - Your Company Name) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version: - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
WordPerfect Office X5 SDK (HKLM\...\{F90E8ACF-2DCD-48CD-BEDE-278390E16B49}) (Version: 15.0.0.410 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{12630C47-7373-4463-8C38-EF1F45D08BB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{227B4731-1051-4FF3-969F-94A8644D1863}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{DAAC48D9-7CDE-44F3-8A98-4C1BDFAACBA7}\xrWCtmg2 (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{28B8F788-271C-4618-9F55-4B1B40E6DF16}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{28DC33AE-D0A8-40A7-A9EA-5F6598207496}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3B33746E-C60D-4213-9438-B36424338150}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{49EB4C90-AE3D-4846-A719-F775FFEE600A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{57B98049-D96F-471B-942B-6B05CB2CFE0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5AA15E20-EE68-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{660AF3D0-0EC6-4285-8447-B286B724687B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7D11ED93-A77D-41FA-8EA5-5B39BC29E7F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E0-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E4-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E6-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E7-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E9-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{80C297AB-A0CB-4CE4-A5F1-36EB810BE047}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A0C20550-9476-407C-BFB0-3C84C2639AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A13FAF1A-6069-40A4-AD5F-110EFA282490}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A4C43001-108F-48E8-B2FF-F174977EDF03}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A50DA40C-59F7-40A6-B2D1-748493584E9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A545EB9B-B12D-4BA6-8110-1D61A3566A93}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B416D295-53BA-4E16-8D54-B80281643A8A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B53B7736-61FA-4EF3-8989-B83C80979D89}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B9BF9DA9-1746-4C14-B53C-1826F81EAE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BD73860F-5142-44C9-B7C4-26CD2AB55477}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C2775C61-2C1C-4D50-A5E6-4814620116CD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C3DB9DF7-64EC-46EC-86C4-27668ABA9777}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D79AC66C-BDB2-4028-B79A-F1465F8FBB56}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DD7731C5-1E16-4087-A57F-FEDCFBD8EB2B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E5A0FEE6-087B-4E48-BE06-5E1A1EF5E116}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> No File Path
==================== Restore Points =========================
03-02-2015 13:04:04 ComboFix created restore point
03-02-2015 13:24:57 avast! antivirus system restore point
03-02-2015 14:02:18 Software Distribution Service 3.0
03-02-2015 14:18:48 Software Distribution Service 3.0
03-02-2015 17:17:12 Software Distribution Service 3.0
03-02-2015 17:51:01 Software Distribution Service 3.0
06-02-2015 16:18:16 System Checkpoint
18-03-2015 10:30:56 System Checkpoint
19-03-2015 14:22:51 System Checkpoint
30-03-2015 11:15:47 System Checkpoint
01-04-2015 13:49:05 avast! antivirus system restore point
10-04-2015 16:16:39 Installed Windows XP Wdf01009.
11-04-2015 10:41:12 Removed HP Update.
13-04-2015 12:22:07 System Checkpoint
15-04-2015 08:43:54 System Checkpoint
20-04-2015 11:51:47 Revo Uninstaller Pro's restore point - Bitdefender Total Security 2015
20-04-2015 11:59:05 Revo Uninstaller Pro's restore point - 60-Second Virus Scanner
20-04-2015 12:02:54 Revo Uninstaller Pro's restore point - 60-Second Virus Scanner
26-04-2015 11:39:08 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2003-03-31 08:00 - 2015-04-08 14:01 - 00001512 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
212.83.162.102 www.google-analytics.com (http://www.google-analytics.com).
212.83.162.102 google-analytics.com.
212.83.162.102 connect.facebook.net.
162.247.13.78 www.google-analytics.com (http://www.google-analytics.com).
162.247.13.78 google-analytics.com.
162.247.13.78 connect.facebook.net.
89.163.213.174 www.google-analytics.com (http://www.google-analytics.com).
89.163.213.174 google-analytics.com.
89.163.213.174 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2009-01-05 12:57 - 2006-06-22 14:38 - 00311296 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\ipspgp.dll
2009-01-05 12:57 - 2006-06-22 14:37 - 00163840 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\wsftplib.dll
2009-01-05 12:57 - 2006-06-22 14:38 - 00073728 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\wsfirscr.dll
2009-01-05 12:57 - 2006-06-22 14:39 - 00049152 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\wshosts.dll
2015-04-20 12:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-20 12:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-20 12:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2003-03-31 08:00 - 2008-04-14 06:42 - 00386048 ____N () C:\WINDOWS\System32\qdvd.dll
2011-11-12 10:47 - 2007-11-26 15:47 - 00038216 _____ () C:\Program Files\Webroot\Washer\Languages\English.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 ____N () C:\WINDOWS\system32\PSIService.exe
2015-04-20 12:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-20 12:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-07-31 11:39 - 2015-02-03 13:49 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:FED912DB
AlternateDataStreams: C:\Documents and Settings\Bert Delgado\Local Settings:init
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7866 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2052111302-1844823847-839522115-1008\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 8.8.8.8
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorMunki Gamma.lnk => C:\WINDOWS\pss\ColorMunki Gamma.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorMunkiPhotoTray.exe.lnk => C:\WINDOWS\pss\ColorMunkiPhotoTray.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logo Calibration Loader.lnk => C:\WINDOWS\pss\Logo Calibration Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PKZIP Attachments Status.lnk => C:\WINDOWS\pss\PKZIP Attachments Status.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ProfileReminder.lnk => C:\WINDOWS\pss\ProfileReminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.HTML => C:\WINDOWS\pss\HELP_DECRYPT.HTMLStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.PNG => C:\WINDOWS\pss\HELP_DECRYPT.PNGStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.TXT => C:\WINDOWS\pss\HELP_DECRYPT.TXTStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.URL => C:\WINDOWS\pss\HELP_DECRYPT.URLStartup
MSCONFIG\startupreg: Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MVS Splash => C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Create 5\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SDTray =>
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Startup Manager => C:\Program Files\iYogi SupportDock\Optimize\startupmanager.exe
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\BERTDE~1\LOCALS~1\temp\radBB622.tmp.exe] => Enabled:radBB622.tmp
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\BERTDE~1\LOCALS~1\temp\rad14CAA.tmp.exe] => Enabled:rad14CAA.tmp
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:rundll32
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/26/2015 00:41:17 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/26/2015 00:41:17 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
System errors:
=============
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Quiknowledge Client Service service failed to start due to the following error:
%%3
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender 60-Second Virus Scanner Service service failed to start due to the following error:
%%2
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bomgar Support Customer Client [1232383495] service failed to start due to the following error:
%%3
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2
Error: (04/27/2015 00:27:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (04/27/2015 00:27:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (04/27/2015 00:27:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Quiknowledge Client Service service failed to start due to the following error:
%%3
Microsoft Office Sessions:
=========================
Error: (05/11/2010 11:52:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000130
Error: (02/11/2009 10:20:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10147160
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 3325.63 MB
Available physical RAM: 2267.76 MB
Total Pagefile: 5209.38 MB
Available Pagefile: 4265.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100.76 GB) (Free:76.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:99.6 GB) (Free:99.37 GB) NTFS
Drive e: () (Fixed) (Total:97.73 GB) (Free:97.62 GB) NTFS
==================== MBR & Partition Table ==================
=================================================
=======
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: D591D591)
Partition 1: (Active) - (Size=100.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=197.3 GB) - (Type=05)
==================== End Of Log ============================
I do not believe that the computer had any malware prevention.
Helpers please see original topic in Spybot Forum for background: http://forums.spybot.info/showthread.php?72288-Virus-not-removed (http://forums.spybot.info/showthread.php?72288-Virus-not-removed&p=463826#post463826)
Hello,
With my deepest and sincere thanks for the continued help, here are the two files requested:
FYI: because of work I will not be able to do anything with your reply until I come back in the country, this coming Monday.
Bert
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Bert Delgado (administrator) on BERT-PNGR3X4VZS on 28-04-2015 12:55:47
Running from C:\Documents and Settings\Bert Delgado\Desktop
Loaded Profiles: Bert Delgado & UpdatusUser (Available profiles: Bert Delgado & UpdatusUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\wwDisp.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-02-10] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-07-06] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-03-16] (SlySoft, Inc.)
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\...\Run: [Window Washer] => C:\Program Files\Webroot\Washer\wwDisp.exe [1206600 2007-11-26] (Webroot Software, Inc.)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2015-02-03]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-04-10] ()
Startup: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-04-08] ()
Startup: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-04-08] ()
InternetURL: C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.icepaytor.com/w22L89
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-2052111302-1844823847-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: [S-1-5-21-2052111302-1844823847-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://start.mysearchdial.com/?f=2&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtAzz0FyEtD0E0BtA0AyEtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtD0Azyzz0DtCtDtGyEzytAtCtG0FtCtDzytG0FyBzyzytGtDtBzz0FyE0CtDyBtCzzyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyD0A0B0DtGyDzy0FzytGtAyDtBzztGtCtCyDyCtGtBtBtD0D0F0FyCyEtDtBtAtA2Q&cr=2116146364&ir=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtAzz0FyEtD0E0BtA0AyEtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtD0Azyzz0DtCtDtGyEzytAtCtG0FtCtDzytG0FyBzyzytGtDtBzz0FyE0CtDyBtCzzyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyD0A0B0DtGyDzy0FzytGtAyDtBzztGtCtCyDyCtGtBtBtD0D0F0FyCyEtDtBtAtA2Q&cr=2116146364&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_13_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtCtAzz0FyEtD0E0BtA0AyEtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtD0Azyzz0DtCtDtGyEzytAtCtG0FtCtDzytG0FyBzyzytGtDtBzz0FyE0CtDyBtCzzyBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyD0A0B0DtGyDzy0FzytGtAyDtBzztGtCtCyDyCtGtBtBtD0D0F0FyCyEtDtBtAtA2Q&cr=2116146364&ir=
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2052111302-1844823847-839522115-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2052111302-1844823847-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {88D969C0-F192-11D4-A65F-0040963251E5}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll [2010-07-23] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2009-12-22] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2009-12-22] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7D9F5F49-792D-48DB-B06D-40B2FEC575DE}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8A5DC270-247A-47FB-A09B-EFD985D737CD}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DC541A91-99C3-44B3-94D3-5E99E0F827DA}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F5812AE9-20E0-4616-A8F8-7A320CAA4AF8}: [NameServer] 8.8.8.8,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-25] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2015-02-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2015-02-03] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\searchplugins\yahoo-msd.xml [2014-08-07]
FF Extension: Logitech Device Detection - C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\Extensions\DeviceDetection@logitech.com [2011-10-12]
FF Extension: DownloadHelper - C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Bert Delgado\Application Data\Mozilla\Firefox\Profiles\43ht0op5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-06]
FF Extension: Quiknowledge - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com [2014-03-25]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!vitruvian-autoenable.js [2014-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\!vitruvian-csp.js [2014-03-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\vitruvian-autoenable.cfg [2014-03-25] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-10-27] (Alcatel-Lucent) [File not signed]
S4 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [291064 2011-01-25] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [254036 2009-03-12] (IDT, Inc.)
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S2 bomgar-scc-1232383495; "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4974AE05\bomgar-scc.exe" -service:run [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [X]
S2 qksvc; "C:\Program Files\Quiknowledge\Service\qksvc.exe" [X]
S4 RumorServer; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
S3 basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 colormunki; C:\WINDOWS\System32\Drivers\colormunki.sys [29184 2007-10-02] (Thesycon GmbH, Germany)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R2 Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-22] (HP)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988032 2007-04-26] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
S3 i1display; C:\WINDOWS\System32\Drivers\i1display.sys [44344 2004-10-15] ()
R2 K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123712 2012-01-17] (NVIDIA Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-01-23] (PalmSource, Inc.)
R2 PDIHWCTL; C:\WINDOWS\system32\drivers\pdihwctl.sys [14416 2006-05-11] (Portrait Displays, Inc.) [File not signed]
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
S3 Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
R1 sf; C:\WINDOWS\System32\drivers\sf.sys [33248 2003-05-09] (Sonic Focus, Inc)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2003-10-14] (Intel Corporation) [File not signed]
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1550613 2009-03-12] (IDT, Inc.)
R2 Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
R2 V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [488383 2001-08-17] (Conexant)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\BERTDE~1\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\BERTDE~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\BERTDE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [X]
S3 GearAspiWDM; system32\drivers\gearaspiwdm.sys [X]
S4 IntelIde; No ImagePath
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 Upcsnrvaouid; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 12:55 - 2015-04-28 12:56 - 00020243 _____ () C:\Documents and Settings\Bert Delgado\Desktop\FRST.txt
2015-04-28 12:53 - 2015-04-28 12:55 - 00000000 ____D () C:\FRST
2015-04-28 12:52 - 2015-04-28 12:52 - 01140736 _____ (Farbar) C:\Documents and Settings\Bert Delgado\Desktop\FRST.exe
2015-04-28 12:50 - 2015-04-28 12:50 - 00000000 ____D () C:\RegBackup
2015-04-28 12:49 - 2015-04-28 12:49 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-28 12:49 - 2015-04-28 12:49 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-04-28 12:49 - 2015-04-28 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2015-04-28 12:44 - 2015-04-28 12:44 - 04720448 _____ () C:\Documents and Settings\Bert Delgado\Desktop\tweaking.com_registry_backup_setup.exe
2015-04-28 12:30 - 2015-04-28 12:28 - 00000162 _____ () C:\Documents and Settings\Bert Delgado\Desktop\-BEFORE You POST-(Please read this Procedure Before Requesting Assistance)- Updated.url
2015-04-21 13:28 - 2015-04-21 13:28 - 02986038 _____ () C:\Documents and Settings\Bert Delgado\Desktop\virus-002.bmp
2015-04-21 13:27 - 2015-04-21 13:27 - 02986038 _____ () C:\Documents and Settings\Bert Delgado\Desktop\Virus-001.bmp
2015-04-21 13:26 - 2015-04-21 13:26 - 00001515 _____ () C:\Documents and Settings\Bert Delgado\Desktop\Paint.lnk
2015-04-21 13:21 - 2015-04-08 14:01 - 00001512 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-132100.backup
2015-04-21 13:12 - 2015-04-21 13:12 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\My Documents\ProcAlyzer Dumps
2015-04-21 12:36 - 2015-04-08 14:01 - 00001512 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-123648.backup
2015-04-20 12:27 - 2015-04-28 12:26 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-04-20 12:27 - 2015-04-20 12:27 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-20 12:27 - 2015-04-20 12:27 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-04-20 12:27 - 2015-04-20 12:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-20 12:27 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-04-20 11:53 - 2015-04-20 11:53 - 00275982 _____ () C:\Documents and Settings\All Users\Application Data\1429545111.bdinstall.bin
2015-04-20 11:53 - 2015-04-20 11:53 - 00049283 _____ () C:\Documents and Settings\All Users\Application Data\1429545211.bdinstall.bin
2015-04-20 11:53 - 2015-04-20 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2015-04-11 11:00 - 2015-04-11 11:00 - 00000385 _____ () C:\Documents and Settings\Bert Delgado\Application Datauser_gensett.xml
2015-04-11 10:38 - 2015-04-11 10:38 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2015-04-11 10:34 - 2015-04-11 10:34 - 00001861 _____ () C:\Documents and Settings\All Users\Desktop\HP Officejet 6700.lnk
2015-04-11 10:34 - 2015-04-11 10:34 - 00001639 _____ () C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6700.lnk
2015-04-11 10:34 - 2015-04-11 10:34 - 00000869 _____ () C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet 6700.lnk
2015-04-11 10:34 - 2011-09-09 15:53 - 00544616 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM5C12.dll
2015-04-11 10:27 - 2015-04-11 10:27 - 00000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2015-04-10 16:27 - 2015-04-10 16:27 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2015-04-10 16:18 - 2015-04-10 16:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2015-04-10 16:16 - 2015-04-10 16:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2015-04-10 16:16 - 2015-04-10 16:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BDLogging
2015-04-10 16:16 - 2015-04-10 16:16 - 00004303 _____ () C:\WINDOWS\Wdf01009Inst.log
2015-04-10 16:16 - 2015-04-10 16:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2015-04-10 16:16 - 2015-04-10 16:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-10 16:16 - 2009-07-14 12:27 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-04-10 16:16 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-04-10 16:15 - 2015-04-10 16:29 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin.dll
2015-04-10 16:15 - 2014-12-02 13:37 - 00026624 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuh.dll
2015-04-10 16:15 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2015-04-10 16:07 - 2015-04-10 16:07 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\QuickScan
2015-04-10 16:05 - 2015-04-20 12:10 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-10 15:56 - 2015-04-13 13:51 - 00000000 ____D () C:\WINDOWS\FrameworkUpdate
2015-04-10 15:56 - 2015-04-10 15:56 - 00000480 ____H () C:\Documents and Settings\Bert Delgado\Application Data\麽鎒駓覜
2015-04-10 15:53 - 2015-04-20 11:53 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-08 15:07 - 2015-04-08 15:07 - 00023040 _____ () C:\Documents and Settings\Bert Delgado\Application Data\~uTorrentPartFile_4985C65.dat
2015-04-08 14:57 - 2015-04-20 11:52 - 00024346 _____ () C:\WINDOWS\setupapi.log
2015-04-08 14:57 - 2015-04-09 08:38 - 00000925 _____ () C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
2015-04-08 14:57 - 2015-04-08 14:57 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\VS Revo Group
2015-04-08 14:56 - 2015-04-09 08:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2015-04-08 14:56 - 2015-04-08 14:56 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-08 14:56 - 2015-04-08 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2015-04-08 14:56 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-04-08 14:43 - 2015-04-08 14:44 - 00033751 _____ () C:\WINDOWS\ie8Uninst.log
2015-04-08 14:43 - 2015-04-08 14:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-08 14:02 - 2015-04-08 14:02 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-04-08 13:02 - 2015-04-08 13:03 - 00000030 _____ () C:\Documents and Settings\Bert Delgado\„…†‡ˆ‰Š‹ŒŽ‘’“Ù
2015-04-01 13:40 - 2015-04-10 15:59 - 00002698 _____ () C:\WINDOWS\wininit.ini
2015-04-01 13:33 - 2015-04-01 13:33 - 00008572 _____ () C:\HELP_DECRYPT.HTML
2015-04-01 13:33 - 2015-04-01 13:33 - 00004226 _____ () C:\HELP_DECRYPT.TXT
2015-04-01 13:33 - 2015-04-01 13:33 - 00000276 _____ () C:\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\UpdatusUser\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00008572 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\UpdatusUser\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\UpdatusUser\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\My Documents\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\HELP_DECRYPT.TXT
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\UpdatusUser\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\UpdatusUser\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\My Documents\HELP_DECRYPT.URL
2015-04-01 13:31 - 2015-04-01 13:31 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\HELP_DECRYPT.URL
2015-04-01 13:30 - 2015-04-01 13:30 - 00008572 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\HELP_DECRYPT.HTML
2015-04-01 13:30 - 2015-04-01 13:30 - 00008572 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:30 - 2015-04-01 13:30 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\HELP_DECRYPT.TXT
2015-04-01 13:30 - 2015-04-01 13:30 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:30 - 2015-04-01 13:30 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\HELP_DECRYPT.URL
2015-04-01 13:30 - 2015-04-01 13:30 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-01 13:25 - 2015-04-01 13:25 - 00008572 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:25 - 2015-04-01 13:25 - 00004226 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:25 - 2015-04-01 13:25 - 00000276 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.URL
2015-04-01 13:10 - 2015-04-01 13:10 - 00008572 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-04-01 13:10 - 2015-04-01 13:10 - 00008572 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:10 - 2015-04-01 13:10 - 00004226 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-04-01 13:10 - 2015-04-01 13:10 - 00004226 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:10 - 2015-04-01 13:10 - 00000276 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-04-01 13:10 - 2015-04-01 13:10 - 00000276 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-04-01 11:45 - 2015-04-10 16:26 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{DAAC48D9-7CDE-44F3-8A98-4C1BDFAACBA7}
2015-04-01 11:45 - 2015-04-01 11:45 - 00408600 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\cvzhqkiqij.dat
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-28 12:56 - 2015-02-03 13:12 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\temp
2015-04-28 12:50 - 2008-12-31 11:12 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-28 12:50 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\repair
2015-04-28 12:32 - 2012-05-07 10:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-28 12:26 - 2003-03-31 08:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-28 12:25 - 2010-04-10 12:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 12:25 - 2008-12-31 11:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-28 12:25 - 2008-12-31 06:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-28 12:25 - 2008-12-31 06:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-27 12:41 - 2008-12-31 12:16 - 01359066 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 12:41 - 2008-12-31 11:39 - 00000178 ___SH () C:\Documents and Settings\Bert Delgado\ntuser.ini
2015-04-27 12:41 - 2008-12-31 11:23 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-26 12:20 - 2010-04-10 12:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 13:19 - 2014-07-22 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-04-21 13:12 - 2008-12-31 06:00 - 00000361 __RSH () C:\boot.ini
2015-04-21 12:32 - 2014-07-22 11:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-20 11:50 - 2010-10-09 11:03 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\HpUpdate
2015-04-15 09:11 - 2009-02-24 08:35 - 00000000 __SHD () C:\WINDOWS\CSC
2015-04-15 08:55 - 2012-05-07 10:47 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 08:55 - 2011-05-13 18:55 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 08:55 - 2009-01-05 14:52 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Adobe
2015-04-11 11:00 - 2008-12-31 11:39 - 00000000 ____D () C:\Documents and Settings\Bert Delgado
2015-04-11 10:41 - 2008-12-31 14:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-04-11 10:41 - 2008-12-31 14:07 - 00000000 ____D () C:\Program Files\HP
2015-04-11 10:31 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\twain_32
2015-04-11 10:28 - 2009-03-15 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-04-11 10:25 - 2009-11-05 16:29 - 00195248 ____C () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2015-04-11 10:25 - 2008-12-31 15:07 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HP
2015-04-11 10:13 - 2015-03-18 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-04-10 16:31 - 2015-02-03 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2015-04-10 16:31 - 2015-02-03 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2015-04-10 16:31 - 2015-02-03 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-04-10 16:31 - 2015-02-03 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2015-04-10 16:31 - 2015-02-03 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2015-04-10 16:31 - 2015-02-03 14:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-04-10 16:31 - 2015-02-03 14:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
2015-04-10 16:31 - 2015-02-03 14:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-04-10 16:31 - 2015-02-03 14:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-04-10 16:31 - 2015-02-03 14:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2015-04-10 16:31 - 2015-02-03 14:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2015-04-10 16:31 - 2015-02-03 14:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB963093$
2015-04-10 16:31 - 2015-02-03 14:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-04-10 16:31 - 2015-02-03 14:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-04-10 16:31 - 2015-02-03 14:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-04-10 16:31 - 2015-02-03 14:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2015-04-10 16:31 - 2015-02-03 14:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-04-10 16:31 - 2015-02-03 14:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2015-04-10 16:31 - 2015-02-03 14:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-04-10 16:31 - 2015-02-03 14:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2015-04-10 16:31 - 2015-02-03 14:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2015-04-10 16:31 - 2015-02-03 14:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-04-10 16:31 - 2015-02-03 14:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-04-10 16:31 - 2015-02-03 14:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-04-10 16:31 - 2015-02-03 14:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2015-04-10 16:31 - 2015-02-03 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-04-10 16:31 - 2015-02-03 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2015-04-10 16:31 - 2015-02-03 14:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-04-10 16:31 - 2015-02-03 14:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-04-10 16:31 - 2015-02-03 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2015-04-10 16:31 - 2015-02-03 13:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-04-10 16:31 - 2014-03-25 12:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2015-04-10 16:31 - 2010-04-19 11:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2015-04-10 16:31 - 2010-03-25 10:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB940157$
2015-04-10 16:31 - 2010-03-25 10:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB915800-v4$
2015-04-10 16:31 - 2010-02-18 10:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2015-04-10 16:31 - 2010-02-18 10:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971737$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978262$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978207$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB976098-v2$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2015-04-10 16:31 - 2010-02-16 12:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958869$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978037$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975713$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960225$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2015-04-10 16:31 - 2010-02-16 12:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973507$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB967715$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961501$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952004$
2015-04-10 16:31 - 2010-02-16 12:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB939683$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970238$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960803$
2015-04-10 16:31 - 2010-02-16 12:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951748$
2015-04-10 16:31 - 2010-02-16 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975467$
2015-04-10 16:31 - 2010-02-16 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973815$
2015-04-10 16:31 - 2010-02-16 12:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968389$
2015-04-10 16:31 - 2010-02-16 11:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155_WM9$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978251$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973869$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956844$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956744$
2015-04-10 16:31 - 2010-02-16 11:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956572$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973687$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973540_WM9$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973354$
2015-04-10 16:31 - 2010-02-16 11:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB929399$
2015-04-10 16:31 - 2010-02-16 11:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971486$
2015-04-10 16:31 - 2010-02-16 11:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954154_WM11$
2015-04-10 16:31 - 2010-02-16 11:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971961$
2015-04-10 16:31 - 2010-02-16 11:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969947$
2015-04-10 16:31 - 2010-02-16 11:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB923561$
2015-04-10 16:31 - 2010-02-15 18:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960714$
2015-04-10 16:31 - 2010-02-15 18:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644$
2015-04-10 16:31 - 2010-02-15 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958215$
2015-04-10 16:31 - 2010-02-15 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957097$
2015-04-10 16:31 - 2010-02-15 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957095$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956841$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802$
2015-04-10 16:31 - 2010-02-15 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069$
2015-04-10 16:31 - 2010-02-15 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954600$
2015-04-10 16:31 - 2010-02-15 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954211$
2015-04-10 16:31 - 2010-02-15 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951698$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2$
2015-04-10 16:31 - 2010-02-15 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951066$
2015-04-10 16:31 - 2010-02-15 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974$
2015-04-10 16:31 - 2010-02-15 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762$
2015-04-10 16:31 - 2010-02-15 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2015-04-10 16:31 - 2010-02-15 18:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB938464$
2015-04-10 16:31 - 2010-02-15 17:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2015-04-10 16:31 - 2009-03-24 16:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-04-10 16:31 - 2009-03-24 15:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwmp11$
2015-04-10 16:31 - 2009-03-22 15:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926239$
2015-04-10 16:31 - 2009-03-22 15:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2015-04-10 16:31 - 2009-03-22 15:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWudf01000$
2015-04-10 16:31 - 2009-01-17 13:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB916089$
2015-04-10 16:31 - 2009-01-03 12:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWIC$
2015-04-10 16:31 - 2009-01-02 10:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB941569$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956803_0$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955839$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952954_0$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952069_WM9$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2_0$
2015-04-10 16:31 - 2008-12-31 16:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958215_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957095_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956391$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954211_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951698_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950974_0$
2015-04-10 16:31 - 2008-12-31 16:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB885626$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960714_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB957097_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956841_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954600_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951066_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB950762_0$
2015-04-10 16:31 - 2008-12-31 16:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB938464_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB958644_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955069_0$
2015-04-10 16:31 - 2008-12-31 16:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB944338-v2$
2015-04-10 16:31 - 2008-12-31 12:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB898461$
2015-04-10 16:31 - 2008-12-31 11:13 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-04-10 16:17 - 2009-03-22 15:18 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-04-10 16:16 - 2015-02-03 14:19 - 00252095 _____ () C:\WINDOWS\iis6.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00234946 _____ () C:\WINDOWS\FaxSetup.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00112328 _____ () C:\WINDOWS\ocgen.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00107199 _____ () C:\WINDOWS\tsoc.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00078181 _____ () C:\WINDOWS\comsetup.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00071090 _____ () C:\WINDOWS\msmqinst.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00047367 _____ () C:\WINDOWS\ntdtcsetup.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00041154 _____ () C:\WINDOWS\netfxocm.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00016150 _____ () C:\WINDOWS\MedCtrOC.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00012996 _____ () C:\WINDOWS\ocmsn.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00011818 _____ () C:\WINDOWS\tabletoc.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00011742 _____ () C:\WINDOWS\msgsocm.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00001802 _____ () C:\WINDOWS\setupact.log
2015-04-10 16:16 - 2015-02-03 14:19 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-04-10 16:03 - 2008-12-31 11:23 - 00000178 __SHC () C:\Documents and Settings\LocalService\ntuser.ini
2015-04-10 15:55 - 2008-12-31 12:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2015-04-08 16:13 - 2011-10-21 15:05 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-08 15:07 - 2008-12-31 14:05 - 00000000 ___SD () C:\Documents and Settings\Bert Delgado\UserData
2015-04-08 14:47 - 2008-12-31 11:39 - 00000803 _____ () C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Internet Explorer.lnk
2015-04-08 14:47 - 2008-12-31 11:39 - 00000000 ___RD () C:\Documents and Settings\Bert Delgado\Start Menu\Programs\Accessories
2015-04-08 14:46 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\Help
2015-04-08 14:44 - 2015-02-03 14:19 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2015-04-08 14:44 - 2014-03-25 12:41 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-04-08 14:43 - 2015-02-03 14:26 - 00021426 _____ () C:\WINDOWS\updspapi.log
2015-04-08 14:43 - 2008-12-31 05:58 - 00000000 ____D () C:\WINDOWS\Media
2015-04-08 14:33 - 2003-03-31 08:00 - 00000655 _____ () C:\WINDOWS\win.ini
2015-04-08 14:33 - 2003-03-31 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-08 14:25 - 2009-01-06 08:27 - 00000000 ____D () C:\WINDOWS\pss
2015-04-08 14:23 - 2008-12-31 06:01 - 03915056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-08 14:18 - 2015-02-03 14:01 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\WinZip
2015-04-08 14:18 - 2011-10-19 13:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
2015-04-08 14:06 - 2013-12-18 17:35 - 00000000 ____D () C:\Program Files\iYogi Support Dock
2015-04-01 13:54 - 2015-02-03 13:25 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\AVAST Software
2015-04-01 13:54 - 2015-02-03 13:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-04-01 13:51 - 2010-01-03 11:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Temp
2015-04-01 13:32 - 2015-02-03 13:03 - 00000000 ____D () C:\Qoobox
2015-04-01 13:32 - 2009-01-05 14:06 - 00000000 ____D () C:\PhSp_CS2_UE_Upg
2015-04-01 13:31 - 2013-02-13 12:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2015-04-01 13:31 - 2012-02-22 12:14 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Application Data\Adobe
2015-04-01 13:31 - 2010-09-03 14:39 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
2015-04-01 13:31 - 2010-02-15 17:23 - 00000000 ____D () C:\Intel
2015-04-01 13:31 - 2009-12-11 13:29 - 00000000 ____D () C:\FW_UP_DW552G
2015-04-01 13:31 - 2009-12-09 22:23 - 00000000 ____D () C:\FW_UP_DW
2015-04-01 13:31 - 2009-01-19 12:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Ipswitch
2015-04-01 13:31 - 2008-12-31 11:23 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-01 13:30 - 2010-09-03 15:14 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\My Documents\My Scans
2015-04-01 13:30 - 2009-01-26 09:29 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Nero
2015-04-01 13:30 - 2008-12-31 15:58 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Thunderbird
2015-04-01 13:30 - 2008-12-31 12:49 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\My Documents\CCWin
2015-04-01 13:29 - 2008-12-31 15:54 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Mozilla
2015-04-01 13:27 - 2010-01-03 11:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Google
2015-04-01 13:27 - 2009-03-06 10:08 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Desktop\ICONS
2015-04-01 13:27 - 2009-01-01 14:57 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Ahead
2015-04-01 13:27 - 2008-12-31 18:00 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\Corel
2015-04-01 13:25 - 2011-05-05 19:24 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\PocketWizard
2015-04-01 13:25 - 2011-01-17 21:22 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\X-Rite
2015-04-01 13:25 - 2009-01-06 15:02 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Sun
2015-04-01 13:25 - 2009-01-02 15:15 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Skype
2015-04-01 13:25 - 2008-12-31 15:58 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Thunderbird
2015-04-01 13:24 - 2011-02-25 16:51 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\iYogi Optimize
2015-04-01 13:24 - 2009-06-04 12:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Nero
2015-04-01 13:24 - 2009-05-08 09:51 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\onOne Software
2015-04-01 13:24 - 2009-03-15 14:51 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\HP
2015-04-01 13:24 - 2009-03-15 10:28 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Image Zone Express
2015-04-01 13:24 - 2009-01-05 12:43 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Ipswitch
2015-04-01 13:24 - 2009-01-01 15:33 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Intuit
2015-04-01 13:24 - 2008-12-31 15:54 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Mozilla
2015-04-01 13:24 - 2008-12-31 14:49 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Corel
2015-04-01 13:22 - 2010-07-16 19:39 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-04-01 13:16 - 2011-11-11 16:59 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\advfn
2015-04-01 13:16 - 2010-06-11 13:04 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Aura4You
2015-04-01 13:16 - 2010-06-11 12:30 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Aura YouTube Downloader
2015-04-01 13:16 - 2009-01-11 15:03 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Backup MyPC
2015-04-01 13:16 - 2008-12-31 13:10 - 00000000 ____D () C:\Documents and Settings\Bert Delgado\Application Data\Adobe
2015-04-01 13:10 - 2008-12-31 11:13 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2015-04-01 13:09 - 2009-01-02 15:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-04-01 13:08 - 2013-07-10 10:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iyogi-scc-51DD70F9
2015-04-01 13:08 - 2013-07-10 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iyogi-scc-51DD6C36
2015-04-01 13:08 - 2010-07-16 19:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Motive
2015-04-01 13:08 - 2010-01-28 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2015-04-01 13:08 - 2009-01-05 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ipswitch
2015-04-01 13:08 - 2009-01-01 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2015-04-01 13:08 - 2008-12-31 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Logishrd
2015-04-01 13:08 - 2008-12-31 14:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Macrovision
2015-04-01 13:07 - 2010-03-16 11:59 - 00000000 ____D () C:\ATI
2015-04-01 13:07 - 2009-05-07 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FLEXnet
2015-04-01 13:07 - 2009-01-01 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2015-04-01 13:07 - 2008-12-31 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Corel
2015-04-01 13:07 - 2008-12-31 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Intuit
2015-04-01 13:05 - 2015-02-03 12:48 - 00000000 ____D () C:\AdwCleaner
==================== Files in the root of some directories =======
2010-09-19 16:14 - 2010-10-13 12:26 - 0000132 ____C () C:\Documents and Settings\Bert Delgado\Application Data\Adobe BMP Format CS5 Prefs
2010-08-24 11:18 - 2010-09-19 17:03 - 0000132 ____C () C:\Documents and Settings\Bert Delgado\Application Data\Adobe GIF Format CS5 Prefs
2010-10-20 20:28 - 2010-10-22 10:40 - 0000132 ____C () C:\Documents and Settings\Bert Delgado\Application Data\Adobe PNG Format CS5 Prefs
2010-10-08 19:15 - 2011-06-02 14:42 - 0001118 ____C () C:\Documents and Settings\Bert Delgado\Application Data\ConvAPIPlugin.log
2009-01-04 12:52 - 2009-01-04 12:52 - 0000085 ____C () C:\Documents and Settings\Bert Delgado\Application Data\default.pls
2009-01-26 09:29 - 2013-12-21 10:51 - 0000180 ____C () C:\Documents and Settings\Bert Delgado\Application Data\default.rss
2009-05-17 11:35 - 2009-05-17 11:35 - 0000000 ____C () C:\Documents and Settings\Bert Delgado\Application Data\downloads.m3u
2015-04-01 13:25 - 2015-04-01 13:25 - 0008572 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:25 - 2015-04-01 13:25 - 0045592 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.PNG
2015-04-01 13:25 - 2015-04-01 13:25 - 0004226 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:25 - 2015-04-01 13:25 - 0000276 _____ () C:\Documents and Settings\Bert Delgado\Application Data\HELP_DECRYPT.URL
2009-07-26 09:13 - 2009-07-26 09:13 - 0000000 ____C () C:\Documents and Settings\Bert Delgado\Application Data\IVOPEN.$$$
2009-01-01 12:05 - 2009-01-01 12:05 - 0012358 ____C () C:\Documents and Settings\Bert Delgado\Application Data\PFP120JCM.{PB
2009-01-01 12:05 - 2009-01-01 12:05 - 0061678 ____C () C:\Documents and Settings\Bert Delgado\Application Data\PFP120JPR.{PB
2014-09-29 11:50 - 2014-09-29 11:50 - 0000043 _____ () C:\Documents and Settings\Bert Delgado\Application Data\WB.CFG
2015-04-08 15:07 - 2015-04-08 15:07 - 0023040 _____ () C:\Documents and Settings\Bert Delgado\Application Data\~uTorrentPartFile_4985C65.dat
2015-04-10 15:56 - 2015-04-10 15:56 - 0000480 ____H () C:\Documents and Settings\Bert Delgado\Application Data\麽鎒駓覜
2015-04-01 11:45 - 2015-04-01 11:45 - 0000032 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\bnjrqrcrev.png
2015-04-01 11:45 - 2015-04-01 11:45 - 0408600 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\cvzhqkiqij.dat
2009-11-06 15:55 - 2014-09-29 11:42 - 0108544 ____C () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-05 16:28 - 2009-11-05 16:28 - 0000135 ____C () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\fusioncache.dat
2015-04-01 13:30 - 2015-04-01 13:30 - 0008572 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-04-01 13:30 - 2015-04-01 13:30 - 0045592 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-04-01 13:30 - 2015-04-01 13:30 - 0004226 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-04-01 13:30 - 2015-04-01 13:30 - 0000276 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-01 11:47 - 2015-04-01 11:47 - 0000000 _____ () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\osuxguttxq.png
2008-02-05 14:28 - 2008-02-05 14:28 - 0000336 ____N () C:\Documents and Settings\Bert Delgado\Local Settings\Application Data\setup.txt
2014-01-17 10:07 - 2014-04-19 09:38 - 0000000 ____C () C:\Documents and Settings\All Users\Drwtsn32.log~~Drwtsn32.log~~.txt
2015-04-01 13:10 - 2015-04-01 13:10 - 0008572 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-04-01 13:10 - 2015-04-01 13:10 - 0045592 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-04-01 13:10 - 2015-04-01 13:10 - 0004226 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-04-01 13:10 - 2015-04-01 13:10 - 0000276 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
Files to move or delete:
====================
C:\Documents and Settings\Bert Delgado\Application DatadMb.dat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
ADDITION.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2015 01
Ran by Bert Delgado at 2015-04-28 12:56:36
Running from C:\Documents and Settings\Bert Delgado\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2052111302-1844823847-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-2052111302-1844823847-839522115-1005 - Limited - Enabled)
Bert Delgado (S-1-5-21-2052111302-1844823847-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bert Delgado
Guest (S-1-5-21-2052111302-1844823847-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2052111302-1844823847-839522115-1000 - Limited - Disabled)
McAfeeMVSUser (S-1-5-21-2052111302-1844823847-839522115-1004 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-2052111302-1844823847-839522115-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-2052111302-1844823847-839522115-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.9.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{1829AFBC-19F5-B1FE-73B1-30FF9DA49062}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DDC Driver 1.5 (HKLM\...\DDC Driver_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.07 - Piriform)
Diamond Drivers 6.3 XP Installation (HKLM\...\{F29242D3-F00D-4A32-904D-5C7F191B766E}) (Version: 6.30.0000 - Diamond Multimedia)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
Freemake Video Converter version 4.1.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{6B7C73A0-07C7-4C06-A13C-48108D39CF03}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
hp print screen utility (HKLM\...\hp print screen utility) (Version: - )
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.20001.0 - IDT)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
InstallIQ Updater (HKLM\...\{294A2E0E-3A0B-4D1F-8282-11DEF2040227}) (Version: 1.4.2.0 - W3i, LLC)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel(R) Network Connections 14.8.43.0 (HKLM\...\{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}) (Version: 14.8.43.0 - Intel)
Intellihance Pro 4.0 (HKLM\...\{32C7FDDF-8D18-4B29-B81A-CDA512093274}) (Version: 4.0 - onOne Software)
Ipswitch WS_FTP Professional 2007 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 11.0.0.0 - Ipswitch)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
McAfee Browser Protection Service (HKLM\...\McAfeeBrowserProtection) (Version: 5.2.1.114 - McAfee, Inc.) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{c600e295-bd29-48f7-8656-36659fef96a5}) (Version: - Nero AG)
NetZero For Riverdeep (HKLM\...\{B09603CB-1737-48A6-8A53-F7B043CFCF40}) (Version: 1.0.2 - NetZero, Inc.)
Nmap 5.51 (HKLM\...\Nmap) (Version: - )
Nuance PDF Create! 5 (HKLM\...\{851DE017-C00B-4A50-B413-4C05740AF56E}) (Version: 5.20.3200 - Nuance Communications, Inc)
NVIDIA Graphics Driver 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA nView 136.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.18 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - )
QBIDPServiceInstall (HKLM\...\{C639494E-FAF1-47FB-9EB3-AA296040F456}) (Version: 1.23.4003 - Intuit, Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Scansoft PDF Create (Version: - ) Hidden
SDK (Version: 1.40.002 - Portrait Displays, Inc.) Hidden
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
Smart FLV Converter Pro 3.3.2.46 (HKLM\...\Smart FLV Converter Pro_is1) (Version: 3.3.2.46 - SmartSoft, Ltd.)
Sorenson Squeeze 4.3 (Version: 4.3.1 - Sorenson Media) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
UninstallDeviceDll 1.1 (HKLM\...\UninstallDeviceDll_is1) (Version: - X-Rite)
update (Version: 2.00.0000 - Your Company Name) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version: - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
WordPerfect Office X5 SDK (HKLM\...\{F90E8ACF-2DCD-48CD-BEDE-278390E16B49}) (Version: 15.0.0.410 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{12630C47-7373-4463-8C38-EF1F45D08BB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{227B4731-1051-4FF3-969F-94A8644D1863}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{DAAC48D9-7CDE-44F3-8A98-4C1BDFAACBA7}\xrWCtmg2 (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{28B8F788-271C-4618-9F55-4B1B40E6DF16}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{28DC33AE-D0A8-40A7-A9EA-5F6598207496}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3B33746E-C60D-4213-9438-B36424338150}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{49EB4C90-AE3D-4846-A719-F775FFEE600A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{57B98049-D96F-471B-942B-6B05CB2CFE0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5AA15E20-EE68-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{660AF3D0-0EC6-4285-8447-B286B724687B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7D11ED93-A77D-41FA-8EA5-5B39BC29E7F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E0-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E4-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E6-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E7-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{7DEBC7E9-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{80C297AB-A0CB-4CE4-A5F1-36EB810BE047}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A0C20550-9476-407C-BFB0-3C84C2639AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A13FAF1A-6069-40A4-AD5F-110EFA282490}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A4C43001-108F-48E8-B2FF-F174977EDF03}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A50DA40C-59F7-40A6-B2D1-748493584E9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A545EB9B-B12D-4BA6-8110-1D61A3566A93}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B416D295-53BA-4E16-8D54-B80281643A8A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B53B7736-61FA-4EF3-8989-B83C80979D89}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{B9BF9DA9-1746-4C14-B53C-1826F81EAE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BD73860F-5142-44C9-B7C4-26CD2AB55477}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C2775C61-2C1C-4D50-A5E6-4814620116CD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C3DB9DF7-64EC-46EC-86C4-27668ABA9777}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{D79AC66C-BDB2-4028-B79A-F1465F8FBB56}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DD7731C5-1E16-4087-A57F-FEDCFBD8EB2B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E5A0FEE6-087B-4E48-BE06-5E1A1EF5E116}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2052111302-1844823847-839522115-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> No File Path
==================== Restore Points =========================
03-02-2015 13:04:04 ComboFix created restore point
03-02-2015 13:24:57 avast! antivirus system restore point
03-02-2015 14:02:18 Software Distribution Service 3.0
03-02-2015 14:18:48 Software Distribution Service 3.0
03-02-2015 17:17:12 Software Distribution Service 3.0
03-02-2015 17:51:01 Software Distribution Service 3.0
06-02-2015 16:18:16 System Checkpoint
18-03-2015 10:30:56 System Checkpoint
19-03-2015 14:22:51 System Checkpoint
30-03-2015 11:15:47 System Checkpoint
01-04-2015 13:49:05 avast! antivirus system restore point
10-04-2015 16:16:39 Installed Windows XP Wdf01009.
11-04-2015 10:41:12 Removed HP Update.
13-04-2015 12:22:07 System Checkpoint
15-04-2015 08:43:54 System Checkpoint
20-04-2015 11:51:47 Revo Uninstaller Pro's restore point - Bitdefender Total Security 2015
20-04-2015 11:59:05 Revo Uninstaller Pro's restore point - 60-Second Virus Scanner
20-04-2015 12:02:54 Revo Uninstaller Pro's restore point - 60-Second Virus Scanner
26-04-2015 11:39:08 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2003-03-31 08:00 - 2015-04-08 14:01 - 00001512 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
212.83.162.102 www.google-analytics.com (http://www.google-analytics.com).
212.83.162.102 google-analytics.com.
212.83.162.102 connect.facebook.net.
162.247.13.78 www.google-analytics.com (http://www.google-analytics.com).
162.247.13.78 google-analytics.com.
162.247.13.78 connect.facebook.net.
89.163.213.174 www.google-analytics.com (http://www.google-analytics.com).
89.163.213.174 google-analytics.com.
89.163.213.174 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2009-01-05 12:57 - 2006-06-22 14:38 - 00311296 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\ipspgp.dll
2009-01-05 12:57 - 2006-06-22 14:37 - 00163840 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\wsftplib.dll
2009-01-05 12:57 - 2006-06-22 14:38 - 00073728 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\wsfirscr.dll
2009-01-05 12:57 - 2006-06-22 14:39 - 00049152 ____N () C:\Program Files\Ipswitch\WS_FTP Professional\wshosts.dll
2015-04-20 12:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-20 12:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-20 12:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2003-03-31 08:00 - 2008-04-14 06:42 - 00386048 ____N () C:\WINDOWS\System32\qdvd.dll
2011-11-12 10:47 - 2007-11-26 15:47 - 00038216 _____ () C:\Program Files\Webroot\Washer\Languages\English.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 ____N () C:\WINDOWS\system32\PSIService.exe
2015-04-20 12:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-20 12:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-07-31 11:39 - 2015-02-03 13:49 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:FED912DB
AlternateDataStreams: C:\Documents and Settings\Bert Delgado\Local Settings:init
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7866 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2052111302-1844823847-839522115-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2052111302-1844823847-839522115-1008\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 8.8.8.8
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorMunki Gamma.lnk => C:\WINDOWS\pss\ColorMunki Gamma.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ColorMunkiPhotoTray.exe.lnk => C:\WINDOWS\pss\ColorMunkiPhotoTray.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk => C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logo Calibration Loader.lnk => C:\WINDOWS\pss\Logo Calibration Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PKZIP Attachments Status.lnk => C:\WINDOWS\pss\PKZIP Attachments Status.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ProfileReminder.lnk => C:\WINDOWS\pss\ProfileReminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\WINDOWS\pss\QuickBooks_Standard_21.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.HTML => C:\WINDOWS\pss\HELP_DECRYPT.HTMLStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.PNG => C:\WINDOWS\pss\HELP_DECRYPT.PNGStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.TXT => C:\WINDOWS\pss\HELP_DECRYPT.TXTStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Bert Delgado^Start Menu^Programs^Startup^HELP_DECRYPT.URL => C:\WINDOWS\pss\HELP_DECRYPT.URLStartup
MSCONFIG\startupreg: Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: MVS Splash => C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Create 5\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SDTray =>
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Startup Manager => C:\Program Files\iYogi SupportDock\Optimize\startupmanager.exe
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Common Files\Java\Java Update\jusched.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\BERTDE~1\LOCALS~1\temp\radBB622.tmp.exe] => Enabled:radBB622.tmp
StandardProfile\AuthorizedApplications: [C:\DOCUME~1\BERTDE~1\LOCALS~1\temp\rad14CAA.tmp.exe] => Enabled:rad14CAA.tmp
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:rundll32
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/28/2015 00:25:30 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/27/2015 00:27:00 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/26/2015 00:41:17 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Error: (04/26/2015 00:41:17 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
System errors:
=============
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Quiknowledge Client Service service failed to start due to the following error:
%%3
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender 60-Second Virus Scanner Service service failed to start due to the following error:
%%2
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bomgar Support Customer Client [1232383495] service failed to start due to the following error:
%%3
Error: (04/28/2015 00:26:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2
Error: (04/27/2015 00:27:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (04/27/2015 00:27:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (04/27/2015 00:27:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Quiknowledge Client Service service failed to start due to the following error:
%%3
Microsoft Office Sessions:
=========================
Error: (05/11/2010 11:52:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000130
Error: (02/11/2009 10:20:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 0Microsoft Office Word12.0.4518.101412.0.4518.10147160
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 3325.63 MB
Available physical RAM: 2267.76 MB
Total Pagefile: 5209.38 MB
Available Pagefile: 4265.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100.76 GB) (Free:76.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:99.6 GB) (Free:99.37 GB) NTFS
Drive e: () (Fixed) (Total:97.73 GB) (Free:97.62 GB) NTFS
==================== MBR & Partition Table ==================
=================================================
=======
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: D591D591)
Partition 1: (Active) - (Size=100.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=197.3 GB) - (Type=05)
==================== End Of Log ============================
I do not believe that the computer had any malware prevention.