Thread: PC hijacked

  1. #1
    Senior Member
    Join Date: Jun 2008
    Posts: 101

    PC hijacked

    Hi guys:
    I had to uninstall and reinstall my browser because it was opening too slow. I believe it was hijacked by malware.
    I use FIREFOX when going to the web. Here are my logs:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
    Ran by Dad (administrator) on YOUR-4DACD0EA75 on 18-11-2014 19:47:24
    Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Loaded Profiles: MOM & Dad & UpdatusUser (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (Affinegy, Inc.) C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft) C:\WINDOWS\arservice.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (AVAYA Communication) C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
    (SiSoftware) C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [237568 2005-07-22] ()
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-28] (InstallShield Software Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-28] (InstallShield Software Corporation)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-05-31] (RealNetworks, Inc.)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [DigiDo] => C:\Program Files\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjgwMTEyNTY3LVQxMy1VODUrMS1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrO (the data entry has 93 more characters).
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Run: [Media Finder] => "C:\Program Files\Media Finder\MF.exe" /opentotray
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: D - D:\LaunchU3.exe -a
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: {3b84fb0d-04c3-11dd-90a4-0018f341744e} - D:\LaunchU3.exe -a
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\MountPoints2: {3b84fb0e-04c3-11dd-90a4-0018f341744e} - H:\setupSNK.exe
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
    Startup: C:\Documents and Settings\DAD\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
    ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\lexie\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\MOM\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\Pin.lnk
    ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\PinMcLnk.lnk
    ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6E8DB774803D001
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1009 -> {997E830F-B711-4BBB-BE50-C5BC9B3FE989} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016 -> {47130832-F17F-4B95-A626-D153584228DC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111126&iesrc={referrer:source}
    BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: hpWebHelper Class -> {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-2250449246-3165194149-3948157566-1009 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
    DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players...stallAsst2.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    Handler: WSWSVCUchrome - No CLSID Value -
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187
    FF Homepage: https://www.google.com/?gws_rd=ssl
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.3.732 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.732 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2250449246-3165194149-3948157566-1016: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF Extension: LavaFox V2-Blue - C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\01d9hu9p.default-1403971675187\Extensions\djziggy@gmail.com [2014-11-16]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-12]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-31]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
    CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-05-31]
    CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
    R2 AffinegyService; C:\Program Files\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
    R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
    S4 GameConsoleService; C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe [238328 2009-11-13] (WildTangent, Inc.)
    R2 iClarityQoSService; C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe [233472 2009-03-12] (AVAYA Communication) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]
    S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
    S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-11-13] (Mozilla Foundation) [File not signed]
    R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-07] (NVIDIA Corporation)
    R2 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\RpcAgentSrv.exe [98488 2008-04-10] (SiSoftware)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S4 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2010-06-22] (Printing Communications Assoc., Inc. (PCAUSA))
    S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices) [File not signed]
    S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
    R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
    R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
    R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
    R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-15] (AVG Technologies)
    R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 HSXHWBS2; C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys [241664 2005-12-06] (Conexant Systems, Inc.) [File not signed]
    R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.) [File not signed]
    S3 LCcfltr; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [14095 2004-03-03] (Logitech, Inc.) [File not signed]
    R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
    S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
    R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
    S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-02-02] (PalmSource, Inc.)
    R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
    R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2a\WNt500x86\Sandra.sys [21408 2008-03-10] (SiSoftware)
    R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
    S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation) [File not signed]
    R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.) [File not signed]
    S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
    R4 AVGIDSDriverl; system32\DRIVERS\avgidsdriverlx.sys [X]
    R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
    R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
    R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
    R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
    S3 cpuz134; \??\C:\DOCUME~1\DAD~1.YOU\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 DCamUSBVeo532; System32\Drivers\ubVeo532.sys [X]
    S0 ftsata2; system32\DRIVERS\ftsata2.sys [X]
    S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U1 WS2IFSL; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-18 19:45 - 2014-11-18 19:47 - 00000000 ____D () C:\FRST
    2014-11-18 19:42 - 2014-11-18 19:42 - 00000000 ____D () C:\RegBackup
    2014-11-18 19:41 - 2014-11-18 19:41 - 01346048 _____ (Indigo Rose Corporation) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\uninstall.exe
    2014-11-18 19:41 - 2014-11-18 19:41 - 00325960 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\lua5.1.dll
    2014-11-18 19:41 - 2014-11-18 19:41 - 00001535 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Tweaking.com - Registry Backup.lnk
    2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Start Menu\Programs\Tweaking.com
    2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Uninstall
    2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\files
    2014-11-18 19:41 - 2014-11-18 19:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\color_presets
    2014-11-18 17:33 - 2014-11-18 17:33 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-18 17:33 - 2014-11-18 17:33 - 00000732 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2014-11-18 17:33 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-11-18 17:18 - 2014-11-18 17:18 - 00000000 ____D () C:\WINDOWS\LastGood
    2014-11-18 16:23 - 2014-11-18 19:42 - 00003982 _____ () C:\WINDOWS\setupapi.log
    2014-11-18 09:51 - 2014-11-18 09:51 - 00000000 ____D () C:\Documents and Settings\MOM\Application Data\AVG2015
    2014-11-18 09:50 - 2014-11-18 09:50 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\Application Data\Avg2015
    2014-11-15 10:21 - 2014-11-15 10:21 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\AVG2015
    2014-11-15 10:05 - 2014-11-18 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\lexie\Local Settings\Application Data\Avg
    2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg
    2014-11-15 10:05 - 2014-11-15 10:05 - 00000000 ____D () C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Avg
    2014-11-15 10:00 - 2014-11-18 17:23 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2015
    2014-11-15 01:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job
    2014-11-10 22:01 - 2014-11-18 17:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-07 09:46 - 2014-11-18 17:02 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job
    2014-11-07 09:46 - 2014-11-07 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av
    2014-11-04 10:21 - 2014-11-04 10:21 - 03145782 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Green speed percents.bmp
    2014-11-02 07:08 - 2014-10-18 08:55 - 00001044 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\VGGCaddy.lnk
    2014-10-19 04:15 - 2014-11-18 17:02 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-18 19:47 - 2011-07-18 00:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\temp
    2014-11-18 19:47 - 2009-07-30 20:31 - 00000452 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job
    2014-11-18 19:44 - 2012-05-17 21:51 - 00000679 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\Settings.ini
    2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\repair
    2014-11-18 19:42 - 2005-11-14 19:58 - 00000000 ____D () C:\WINDOWS\Registration
    2014-11-18 19:38 - 2012-04-23 20:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-11-18 19:14 - 2010-01-06 10:42 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-18 18:34 - 2011-05-29 08:34 - 01609253 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-18 17:33 - 2010-07-13 05:42 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    2014-11-18 17:33 - 2010-07-13 05:42 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job
    2014-11-18 17:23 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2014-11-18 17:03 - 2014-01-29 18:34 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_0214c.job
    2014-11-18 17:03 - 2013-12-10 09:32 - 00000480 _____ () C:\WINDOWS\Tasks\AVG_REG_1113a.job
    2014-11-18 17:02 - 2014-08-29 07:03 - 00000632 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job
    2014-11-18 17:02 - 2014-08-28 08:14 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-11-18 17:02 - 2014-04-18 17:46 - 00000626 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job
    2014-11-18 17:02 - 2013-12-10 09:32 - 00000462 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job
    2014-11-18 17:02 - 2013-09-24 09:28 - 00000342 _____ () C:\WINDOWS\Tasks\SmartDefragUpdate.job
    2014-11-18 17:02 - 2013-01-28 09:23 - 00000408 _____ () C:\WINDOWS\Tasks\ROC_REG_JAN.job
    2014-11-18 17:02 - 2011-05-29 11:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-18 17:02 - 2011-05-29 11:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-18 17:02 - 2011-05-29 11:07 - 00032524 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-18 17:02 - 2010-12-17 15:46 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    2014-11-18 17:02 - 2010-07-31 11:31 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    2014-11-18 17:02 - 2010-06-12 07:50 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    2014-11-18 17:02 - 2010-05-31 16:40 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    2014-11-18 17:02 - 2010-01-06 10:42 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-18 17:01 - 2009-10-12 07:11 - 00000642 _____ () C:\WINDOWS\system32\QosServ.log
    2014-11-18 17:01 - 2005-08-30 22:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-18 16:47 - 2009-10-12 07:49 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
    2014-11-18 16:47 - 2009-07-30 19:20 - 00000178 ___SH () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\ntuser.ini
    2014-11-18 15:47 - 2009-07-30 19:20 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75
    2014-11-18 14:00 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At4.job
    2014-11-18 10:33 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At3.job
    2014-11-18 10:13 - 2008-04-12 12:27 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-18 10:10 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At1.job
    2014-11-18 09:53 - 2008-01-31 18:11 - 00000178 ___SH () C:\Documents and Settings\MOM\ntuser.ini
    2014-11-18 09:51 - 2011-07-18 22:42 - 00000000 ____D () C:\Documents and Settings\MOM\Local Settings\temp
    2014-11-17 20:40 - 2013-04-15 09:33 - 00000456 _____ () C:\WINDOWS\Tasks\At2.job
    2014-11-16 14:54 - 2012-02-01 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Professional Edition
    2014-11-15 13:55 - 2011-11-20 20:41 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google
    2014-11-15 13:55 - 2009-07-30 19:24 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Mozilla
    2014-11-15 10:47 - 2013-09-24 00:15 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Avg2014
    2014-11-15 10:22 - 2009-02-16 18:06 - 00000000 ____D () C:\Program Files\AVG
    2014-11-15 10:21 - 2013-09-24 00:19 - 00000000 ___HD () C:\$AVG
    2014-11-15 09:26 - 2011-08-28 20:47 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
    2014-11-15 01:43 - 2010-05-31 16:40 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job
    2014-11-14 11:34 - 2011-05-30 01:06 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\WMTools Downloaded Files
    2014-11-14 08:52 - 2013-12-06 09:52 - 00020480 _____ () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-11-13 14:15 - 2011-05-18 11:54 - 00000000 ___RD () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Resumes
    2014-11-13 11:59 - 2010-12-17 15:46 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job
    2014-11-12 20:07 - 2010-07-31 11:31 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job
    2014-11-12 17:20 - 2008-07-21 19:36 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-11-12 03:18 - 2008-02-11 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-11-12 03:13 - 2013-08-13 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-12 03:05 - 2008-02-01 08:56 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-11-12 00:30 - 2014-08-28 08:14 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-11-11 15:38 - 2012-04-23 20:14 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-11-11 15:38 - 2011-05-18 11:16 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-11-09 23:15 - 2011-12-14 19:15 - 00000000 ____D () C:\Program Files\Mahjongg - Ancient Mayas
    2014-11-08 15:00 - 2014-03-22 05:09 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-11-05 07:17 - 2010-06-06 21:31 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job
    2014-11-04 10:21 - 2011-12-24 18:30 - 00432640 __SHC () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Thumbs.db
    2014-11-03 10:22 - 2014-10-01 23:05 - 00000000 ____D () C:\Katstown Solutions
    2014-11-02 07:12 - 2013-10-03 23:44 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-11-02 07:05 - 2005-08-30 22:07 - 00703420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-10-31 23:30 - 2014-08-28 08:14 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-10-26 06:00 - 2011-07-24 00:00 - 00000000 ____D () C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\HpUpdate
    2014-10-21 07:53 - 2012-05-02 17:59 - 01397728 _____ (Tweaking.com) C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\TweakingRegistryBackup.exe

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
    Ran by Dad at 2014-11-18 19:48:33
    Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
    Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
    Amazon Music Importer (Version: 2.0.1 - Amazon Services LLC) Hidden
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
    Avaya one-X Communicator (HKLM\...\{EE827DAC-71E4-4E98-805C-66E2CBF41513}) (Version: 1.0.0.84 - Avaya Inc.)
    Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Budget Sheet Manager V4.0 (HKLM\...\Budget Sheet Manager V4.0) (Version: - )
    BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    Cisco AnyConnect VPN Client (HKLM\...\{68D47332-A69E-4B72-83B7-D34AE73B0CE8}) (Version: 2.2.0128 - Cisco Systems, Inc.)
    Coby Media Manager (HKLM\...\{9A4F58EC-AA61-4382-81B3-80971396F851}) (Version: 1.0.4313 - Coby)
    CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
    Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DJ3510FWUpdateAlert (Version: 1.00.0000 - HP) Hidden
    eCalc Scientific (v1.5) (HKLM\...\{A3960197-74C2-4362-B816-11AB39E9C84D}_is1) (Version: - eCalc.com)
    Free NaturalReader (HKLM\...\{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}) (Version: 9.0 - NaturalSoft Limited)
    FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM\...\{37C5A56A-00EA-347B-B7A1-5628BED56702}) (Version: 1.8.0.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
    HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
    HP Support Overview (HKLM\...\{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1) (Version: 1.0.0 - Hewlett-Packard Company)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP Web Helper (HKLM\...\{DAAD5187-62C5-4AD6-A526-803C18C4944D}) (Version: - )
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    InstantShareAlert (Version: 1.00.0000 - HP) Hidden
    InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Kats Calculators (HKU\S-1-5-21-2250449246-3165194149-3948157566-1016\...\0992c2e475ab8f1e) (Version: 2.0.0.8 - Katstown Solutions)
    Kats Wind and Putting Calculators (HKLM\...\{F1F55522-3481-510E-4481-002E73EC7444}) (Version: 9.0.21022.8 - Katstown Solutions)
    LightScribe 1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
    Mahjongg - Ancient Mayas (HKLM\...\{2E6F5711-0A88-460A-B4C8-EB64573BF7E9}_is1) (Version: - cerasus.media GmbH)
    MasterCook Deluxe 9 (HKLM\...\InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}) (Version: 9.0.000 - ValuSoft)
    MasterCook Deluxe 9 (Version: 9.0.000 - ValuSoft) Hidden
    Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
    Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\...\Move Networks Player - IE) (Version: - )
    Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    My HP Games (HKLM\...\WildTangent compaq Master Uninstall) (Version: HPCMPQ1404 - WildTangent)
    MyBudgetPlanner (HKLM\...\{12FC1931-EC4C-4884-93EA-7744B238A5B9}) (Version: - )
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
    NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)
    NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
    OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Palm (HKLM\...\{32EF6F81-583E-4127-918D-D3768A8957C4}) (Version: 4.1.0420 - Palm, Inc.)
    PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4060.15 - PC-Doctor, Inc.)
    PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version: - )
    Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
    Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shop'NCook Pro version 4.0.17 (HKLM\...\{C8797726-5DE1-4609-9335-D5D1BA0C28B6}_is1) (Version: 4.0.17 - Rufenacht Innovative)
    SiSoftware Sandra Lite XII.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1) (Version: 14.20.2008.4 - SiSoftware)
    SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
    Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
    Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
    Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
    Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TWC WiFi (HKLM\...\TWC WiFi_is1) (Version: - )
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
    Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live installer (HKLM\...\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}) (Version: 12.0.1471.1025 - Microsoft Corporation)
    Windows Live Messenger (HKLM\...\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}) (Version: 8.5.1302.1018 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version: - win-movie-maker-free)
    Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
    Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    Wireless-G PCI Adapter (HKLM\...\{88742616-A6E9-4C7E-9665-B625799541FB}) (Version: - )
    Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version: - )
    YTD Video Downloader 4.7.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.4 - GreenTree Applications SRL) <==== ATTENTION

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0944D16C-D0E3-4389-982A-A085595A9EB3}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.25.5 (the data entry has 19 more characters).
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3831331E-0D00-4716-871D-68F3B11D23C9}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3DCD2BC5-8478-48AE-891F-90C8B2F19F56}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{52C01A76-19D1-4A50-AE8A-38FFBCCF9182}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{5954EA75-9BE9-461A-BD34-CEA3A861FF19}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{762EC429-1A4C-4AB8-844A-9A552E1241DA}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\1.3.24.1 (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A506EF88-9EEB-4522-BFE1-A8E886A64D80}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{A5704C37-40C9-49EF-904B-97E5F5F9B1C5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{B87799AF-2CD8-4DAA-93CF-65F002035369}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{BBC73C94-336B-43CC-B52C-31EB9FA34013}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{C406F816-317C-4F7D-81CB-BA93CA7B70D5}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{D502D4A3-03D5-4EAE-A14E-69606CA63430}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()
    CustomCLSID: HKU\S-1-5-21-2250449246-3165194149-3948157566-1016_Classes\CLSID\{EC22770D-3332-4C56-8A8D-3E560475F655}\InprocServer32 -> C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\U3\0000162B537354FA\1F30627F-0195-44d4-8C24-1999F3C02C50\Exec\skin.ocx ()

    ==================== Restore Points =========================

    21-08-2014 10:25:29 System Checkpoint
    22-08-2014 11:25:23 System Checkpoint
    23-08-2014 12:25:20 System Checkpoint
    24-08-2014 13:25:18 System Checkpoint
    25-08-2014 13:25:36 System Checkpoint
    26-08-2014 16:19:33 System Checkpoint
    27-08-2014 17:04:40 System Checkpoint
    28-08-2014 18:04:44 System Checkpoint
    29-08-2014 18:33:56 System Checkpoint
    30-08-2014 18:36:08 System Checkpoint
    31-08-2014 19:36:07 System Checkpoint
    01-09-2014 20:36:11 System Checkpoint
    02-09-2014 20:38:35 System Checkpoint
    03-09-2014 21:13:13 System Checkpoint
    04-09-2014 22:14:16 System Checkpoint
    05-09-2014 23:13:05 System Checkpoint
    06-09-2014 23:51:44 System Checkpoint
    07-09-2014 23:54:11 System Checkpoint
    09-09-2014 00:54:06 System Checkpoint
    10-09-2014 01:55:10 System Checkpoint
    11-09-2014 02:12:43 System Checkpoint
    12-09-2014 03:09:19 System Checkpoint
    12-09-2014 04:41:17 Software Distribution Service 3.0
    13-09-2014 05:29:02 System Checkpoint
    14-09-2014 06:09:22 System Checkpoint
    15-09-2014 06:39:02 System Checkpoint
    16-09-2014 07:39:03 System Checkpoint
    17-09-2014 08:39:04 System Checkpoint
    18-09-2014 09:39:05 System Checkpoint
    19-09-2014 10:39:05 System Checkpoint
    20-09-2014 11:39:04 System Checkpoint
    21-09-2014 12:11:30 System Checkpoint
    22-09-2014 13:11:29 System Checkpoint
    23-09-2014 15:47:55 System Checkpoint
    24-09-2014 17:06:24 System Checkpoint
    25-09-2014 17:09:59 System Checkpoint
    26-09-2014 18:03:56 System Checkpoint
    27-09-2014 19:03:57 System Checkpoint
    28-09-2014 19:16:38 System Checkpoint
    29-09-2014 20:03:55 System Checkpoint
    30-09-2014 20:41:52 System Checkpoint
    01-10-2014 20:42:12 System Checkpoint
    02-10-2014 21:42:13 System Checkpoint
    03-10-2014 21:45:29 System Checkpoint
    04-10-2014 22:01:17 System Checkpoint
    06-10-2014 04:40:03 System Checkpoint
    07-10-2014 06:03:22 System Checkpoint
    08-10-2014 06:53:01 System Checkpoint
    09-10-2014 13:51:02 System Checkpoint
    10-10-2014 17:47:08 System Checkpoint
    11-10-2014 18:40:16 System Checkpoint
    12-10-2014 19:40:17 System Checkpoint
    13-10-2014 20:14:51 System Checkpoint
    14-10-2014 21:14:43 System Checkpoint
    15-10-2014 22:14:39 System Checkpoint
    16-10-2014 07:00:07 Software Distribution Service 3.0
    17-10-2014 06:23:43 Removed Java 7 Update 67
    18-10-2014 07:16:41 System Checkpoint
    19-10-2014 08:13:31 System Checkpoint
    20-10-2014 08:14:12 System Checkpoint
    21-10-2014 08:58:19 System Checkpoint
    22-10-2014 09:58:22 System Checkpoint
    23-10-2014 10:58:18 System Checkpoint
    24-10-2014 13:00:45 System Checkpoint
    25-10-2014 13:17:19 System Checkpoint
    26-10-2014 13:58:19 System Checkpoint
    27-10-2014 14:58:22 System Checkpoint
    28-10-2014 16:39:10 System Checkpoint
    29-10-2014 17:11:01 System Checkpoint
    30-10-2014 17:15:59 System Checkpoint
    31-10-2014 17:56:06 System Checkpoint
    01-11-2014 18:55:44 System Checkpoint
    02-11-2014 19:03:15 System Checkpoint
    03-11-2014 20:03:22 System Checkpoint
    04-11-2014 21:03:04 System Checkpoint
    05-11-2014 22:03:00 System Checkpoint
    06-11-2014 23:03:17 System Checkpoint
    08-11-2014 00:25:16 System Checkpoint
    09-11-2014 00:25:58 System Checkpoint
    10-11-2014 01:25:52 System Checkpoint
    11-11-2014 02:34:04 System Checkpoint
    12-11-2014 02:44:28 System Checkpoint
    12-11-2014 09:05:38 Software Distribution Service 3.0
    13-11-2014 09:09:53 System Checkpoint
    14-11-2014 10:09:42 System Checkpoint
    15-11-2014 11:09:52 System Checkpoint
    15-11-2014 16:04:20 Installed AVG 2015
    15-11-2014 16:06:38 Installed AVG 2015
    15-11-2014 19:55:17 Removed Google Talk Plugin
    15-11-2014 19:57:47 Removed Visual Studio 2012 x86 Redistributables
    16-11-2014 20:36:46 System Checkpoint
    17-11-2014 21:28:21 System Checkpoint
    18-11-2014 23:17:34 Removed AVG 2015
    18-11-2014 23:19:25 Removed AVG 2015

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-10 05:00 - 2011-07-18 22:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\AVG_REG_0214c.job => C:\Documents and Settings\All Users\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
    Task: C:\WINDOWS\Tasks\AVG_REG_1113a.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
    Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
    Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
    Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_1114av_RUN.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe
    Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfeb85a996920e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d000a3e50162dd.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1014.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1015.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2250449246-3165194149-3948157566-1016.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_Dad.job => C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\ROC_REG_JAN.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
    Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\_OTL\MovedFiles\09242013_010637\C_Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
    Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5BA4143-133C-40B2-AB6F-015DCEDD0290}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2004-08-09 22:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2004-08-09 22:00 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-09 22:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-09 22:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-08-28 08:13 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-08-28 08:13 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-08-28 08:13 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-08-28 08:13 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-08-28 08:13 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-11-18 17:33 - 2014-11-13 20:42 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2250449246-3165194149-3948157566-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-2250449246-3165194149-3948157566-1018 - Limited - Enabled)
    Compaq_Administrator (S-1-5-21-2250449246-3165194149-3948157566-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Compaq_Administrator
    Dad (S-1-5-21-2250449246-3165194149-3948157566-1016 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad.YOUR-4DACD0EA75
    Guest (S-1-5-21-2250449246-3165194149-3948157566-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-2250449246-3165194149-3948157566-1006 - Limited - Disabled)
    lexie (S-1-5-21-2250449246-3165194149-3948157566-1015 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\lexie
    MOM (S-1-5-21-2250449246-3165194149-3948157566-1009 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\MOM
    SUPPORT_388945a0 (S-1-5-21-2250449246-3165194149-3948157566-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-2250449246-3165194149-3948157566-1005 - Limited - Disabled)
    UpdatusUser (S-1-5-21-2250449246-3165194149-3948157566-1017 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/18/2014 07:42:24 PM) (Source: COM+) (EventID: 4691) (User: )
    Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

    Error: (11/18/2014 07:42:24 PM) (Source: MSDTC Client) (EventID: 4427) (User: )
    Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2948
    No Callstack,
    CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    Error: (11/17/2014 06:47:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/15/2014 10:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application avgui.exe, version 14.0.0.4765, faulting module avgui.exe, version 14.0.0.4765, fault address 0x002196ba.
    Processing media-specific event for [avgui.exe!ws!]

    Error: (11/10/2014 08:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application firefox.exe, version 33.0.3.5422, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/04/2014 08:24:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/04/2014 08:24:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/01/2014 06:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 33.0.2.5413, faulting module mozalloc.dll, version 33.0.2.5413, fault address 0x00001425.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (11/01/2014 06:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/01/2014 05:38:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application firefox.exe, version 33.0.2.5413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (11/18/2014 05:03:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (11/18/2014 05:03:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (11/18/2014 05:01:25 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.0.4 for the Network Card with network address 001C10E3BFC0 has been
    denied by the DHCP server 192.168.223.1 (The DHCP Server sent a DHCPNACK message).

    Error: (11/18/2014 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

    Error: (11/18/2014 10:29:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (11/18/2014 10:29:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (11/18/2014 10:13:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/18/2014 09:59:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.


    Microsoft Office Sessions:
    =========================
    Error: (06/11/2010 07:01:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.100000

    Error: (01/29/2010 11:04:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000304903120

    Error: (09/07/2009 01:51:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: 0Microsoft Office Word12.0.6504.500012.0.6215.1000440


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 Processor 3500+
    Percentage of memory in use: 81%
    Total physical RAM: 702.48 MB
    Available physical RAM: 126.67 MB
    Total Pagefile: 1335.42 MB
    Available Pagefile: 690.44 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1944.92 MB

    ==================== Drives ================================

    Drive c: (PRESARIO) (Fixed) (Total:140.47 GB) (Free:57.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive e: (PRESARIO_RP) (Fixed) (Total:8.56 GB) (Free:0.58 GB) FAT32 ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: DB5CA2A0)
    Partition 1: (Active) - (Size=140.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=8.6 GB) - (Type=0C)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-11-18 19:53:31
    -----------------------------
    19:53:31.750 OS Version: Windows 5.1.2600 Service Pack 3
    19:53:31.750 Number of processors: 1 586 0x4F02
    19:53:31.750 ComputerName: YOUR-4DACD0EA75 UserName: Dad
    19:53:32.125 Initialize success
    19:53:32.218 VM: initialized successfully
    19:53:32.218 VM: Amd CPU virtualization not supported
    19:57:34.093 AVAST engine defs: 14111802
    20:49:24.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
    20:49:24.828 Disk 0 Vendor: ST316081 3.AH Size: 152627MB BusType: 3
    20:49:25.062 Disk 0 MBR read successfully
    20:49:25.062 Disk 0 MBR scan
    20:49:26.218 Disk 0 unknown MBR code
    20:49:26.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143839 MB offset 63
    20:49:26.265 Disk 0 unknown boot code
    20:49:27.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8777 MB offset 294599970
    20:49:27.562 Disk 0 statistics 287/0/0 @ 0.90 MB/s
    20:49:27.578 Scan finished successfully
    20:50:16.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\MBR.dat"
    20:50:16.546 The log file has been saved successfully to "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,935

    YTD Video Downloader 4.7.4
    Please remove the above through your add/remove programs list, then reboot.

    ~~~~~~~~~~~~

    Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

    Proceed with the reset once done.

    ~~~~~~~~~~~~~~~~~~~

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CloseProcesses:
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
    CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
    CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Rootkit

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Double-click the icon to start the tool.
    • It will ask you where to extract it, then it will start.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Click in the introduction screen "next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



    Please post:
    Fixlog.txt
    Malwarebytes Anti-Rootkit log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Jun 2008
    Posts
    101

    Guess we're good. Here's the logs:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
    Ran by Dad at 2014-11-21 15:46:19 Run:2
    Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop
    Loaded Profile: Dad (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\.DEFAULT -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={4798F553-7C93-4DCC-BBC6-D3B781E18F93}&mid=5ce3a7b7122419458ab8edb14ebe45e0-20956b97e42a87a2206895cb73fb0ddfe8cc8e67&lang=en&ds=oc011&pr=sa&d=2013-05-04 22:49:17&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx []
    CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
    CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx [2010-05-31]
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:581B0446
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

    "HKU\S-1-5-21-2250449246-3165194149-3948157566-1009\Software\Microsoft\Internet Explorer\Main -> Listing permissions failed. Key not found.
    HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

    "HKU\S-1-5-21-2250449246-3165194149-3948157566-1017\Software\Microsoft\Internet Explorer\Main -> Listing permissions failed. Key not found.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
    "HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
    C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\aacbndibbcpajfgnkdkaakeiojmmgmnk" => Key deleted successfully.
    "C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\mf_plugin_gc.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => Key deleted successfully.
    "C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje" => Key deleted successfully.
    "C:\Documents and Settings\MOM\Application Data\Media Finder\Extensions\gencrawler_gc.crx" => File/Directory not found.
    C:\Windows\Tasks\At1.job => Moved successfully.
    C:\Windows\Tasks\At2.job => Moved successfully.
    C:\Windows\Tasks\At3.job => Moved successfully.
    C:\Windows\Tasks\At4.job => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":581B0446" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":6F1F66C0" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":8CE646EE" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":BED8A204" ADS removed successfully.
    C:\Documents and Settings\All Users\Application Data\TEMP => ":F085C8A1" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 27.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.204000 GHz
    Memory total: 736608256, free: 92344320

    Downloaded database version: v2014.11.21.11
    Downloaded database version: v2014.11.21.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/21/2014 16:20:11
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff83462ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\
    Lower Device Object: 0xffffffff8336aa38
    Lower Device Driver Name: \Driver\nvgts\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff83462ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff83462890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff83462ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff83431920, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8336aa38, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\WINDOWS\system32\drivers\103C_HP_CPC_RE473AA-ABA SR2020NX NA680_YC_0Pres_QCNH634_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M447_J40_7AMD_8Athlon 64_92.2_#070103_N_Z14F12F20_G10DE0241.MRK" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\103C_HP_CPC_RE473AA-ABA SR2020NX NA680_YC_0Pres_QCNH634_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M447_J40_7AMD_8Athlon 64_92.2_#070103_N_Z14F12F20_G10DE0241.MRK" is compressed (flags = 1)
    File "C:\WINDOWS\system32\drivers\HSFProf.cty" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\HSFProf.cty" is compressed (flags = 1)
    File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
    File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
    File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
    File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: DB5CA2A0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 294583842
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 294599970 Numsec = 17976735

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Done!
    File "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\IETldCache\index.dat" is compressed (flags = 1)
    Scan finished

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,935


    Please follow the link below and instructions to see which version of Java you have on the machine.
    https://www.java.com/en/download/installed.jsp


    ********
    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Senior Member
    Join Date
    Jun 2008
    Posts
    101


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/22/2014
    Scan Time: 1:22:22 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.22.11
    Rootkit Database: v2014.11.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Dad

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 575299
    Time Elapsed: 44 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    C:\AdwCleaner\Backup\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs_23_09_2013_01_58_20.js JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Backup\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\prefs_24_09_2013_23_24_34.js JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Documents and Settings\DAD.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\37fti8ke.default\user.js.vir JS/SecurityDisabler.A.Gen potentially unwanted application deleted - quarantined
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe Win32/InstallMonetizer.AZ potentially unwanted application deleted - quarantined
    E:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined
    E:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,935


    Looks good just 1 file to remove

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CloseProcesses:
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Ready to remove tools and quarantine folders?

  7. #7
    Senior Member
    Join Date
    Jun 2008
    Posts
    101


    Oh Wow. I removed some of the tools I had to download already!
    I added an anti-virus program (AVAST) but the stupid thing added links to Amazon and E-bay to my browser!
    Do I have to uninstall and reinstall the browser again to get rid of those links?

    Here's the fixit log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
    Ran by Dad at 2014-11-23 09:22:26 Run:4
    Running from C:\Documents and Settings\Dad.YOUR-4DACD0EA75\Desktop
    Loaded Profiles: Dad & UpdatusUser (Available profiles: Compaq_Administrator & MOM & lexie & Dad & UpdatusUser & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe
    End
    *****************

    Processes closed successfully.
    "C:\Documents and Settings\Dad.YOUR-4DACD0EA75\My Documents\solid-install\InstallManagerX.exe" => File/Directory not found.


    The system needed a reboot.

    ==== End of Fixlog ====

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,935


    "I added an anti-virus program (AVAST) but the stupid thing added links to Amazon and E-bay to my browser"
    Have you run another tool and this showed up?

    I haven't heard of this coming in Avast before.
    First, look through your add/remove programs list for items you don't want and can be removed this way.

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,935


    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.