
Windows XP computer malware / virus infection


  • This topic is locked
12 replies to this topic

#1 idalman64

Posted 06 August 2014 - 09:32 PM

Hello, I have a Windows XP computer that apparently is now infected with some type of malware / virus infection. Firefox will open up multiple windows and ads when I click on anything on any web page. My son decided to start playing PC games and he decided to join some type of networks for these games and since he did this, the problem started. I have uninstalled Steam and another game he had on the computer and I did run Malwarebytes which did find 48 items, but the problem persists and it is really driving me crazy. Any help anyone can provide will be greatly appreciated.

 

Thank you.

Idalberto




 


#2 fireman4it


Posted 07 August 2014 - 12:21 AM

Hello idalman64,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Things to include in your next reply:

AdwCleaner log

JRT.txt

FRST.txt

Addition.txt

How is the machine running now?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
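Added example, not part of the original posts and not code from Farbar or BleepingComputer: a Python triage pass over an FRST.txt like the one requested above, listing entries marked `No File`, `[X]` or `[File not signed]` and Firefox extensions registered through the registry as candidates for manual review. The sample log is constructed in the line format FRST version 8-08-2014 produces in this thread; the tag names and the choice of markers are assumptions of this example, and a tag is a prompt to look closer, not a verdict.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "lineno section tag text")

# Section banner, e.g. "==================== Internet (Whitelisted) ===================="
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# Service/driver row: "<state><start type> <name>; <path> [size date] (publisher) ..."
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.*)$")
# Firefox extension registered under a registry key instead of inside the profile
FF_REG_RE = re.compile(
    r"^FF (?P<hive>HKLM|HKCU)\\\.\.\.\\Firefox\\Extensions: "
    r"\[(?P<id>[^\]]+)\] - (?P<path>.+)$"
)


def triage(log_text):
    """Return a Finding for every review marker found in an FRST.txt body."""
    findings = []
    section = "(preamble)"
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        tags = []
        # Registry entry (BHO, toolbar, plugin, handler) whose file is gone
        if line.endswith("No File"):
            tags.append("orphaned-entry")
        svc = SERVICE_RE.match(line)
        if svc:
            rest = svc.group("rest")
            # "[X]" marks a service or driver whose image file was not found
            if rest.endswith("[X]"):
                tags.append("missing-service-file")
            if "[File not signed]" in rest:
                tags.append("unsigned-binary")
        # Extensions added through the registry were not installed from
        # inside the browser, so each one deserves a look at its path
        if FF_REG_RE.match(line):
            tags.append("registry-registered-extension")
        findings.extend(Finding(lineno, section, t, line) for t in tags)
    return findings


def summarize(findings):
    """Count findings per tag."""
    return dict(Counter(f.tag for f in findings))


# Constructed sample: names, GUIDs and paths are placeholders, not real entries.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Example Helper -> {00000000-0000-0000-0000-000000000001} -> C:\Program Files\ExampleAV\helper.dll (Example Corp)
BHO: No Name -> {00000000-0000-0000-0000-000000000002} ->  No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000003} -  No File

FireFox:
========
FF Extension: Example Addon - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\Extensions\addon@example.xpi [2014-01-01]
FF HKCU\...\Firefox\Extensions: [{00000000-0000-0000-0000-000000000004}] - C:\Program Files\ExampleDeals\1.xpi

==================== Services (Whitelisted) =================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [1024 2010-01-01] () [File not signed]
R2 SignedSvc; C:\Program Files\Example\signed.exe [2048 2014-01-01] (Example Corp)

==================== Drivers (Whitelisted) ====================

S3 exampledrv; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\exampledrv.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.lineno:>3} [{f.section}] {f.tag}: {f.text}")
    print(summarize(triage(SAMPLE_LOG)))
```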


#3 idalman64


Posted 07 August 2014 - 10:04 PM

Hello Fireman4it, here is the log info as requested:

 

AdwCleaner log:

 

# AdwCleaner v3.303 - Report created 07/08/2014 at 22:17:09
# Updated 06/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Idalberto - HOMECOMPUTER
# Running from : C:\Documents and Settings\Idalberto\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Free Video Converter

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Red Sky

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\Beto\Application Data\Mozilla\Firefox\Profiles\e5a5fo15.default\prefs.js ]

[ File : C:\Documents and Settings\Idalberto\Application Data\Mozilla\Firefox\Profiles\g48o80t9.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [5695 octets] - [17/09/2013 21:48:48]
AdwCleaner[R1].txt - [2217 octets] - [10/04/2014 22:06:05]
AdwCleaner[R2].txt - [2208 octets] - [12/06/2014 23:11:56]
AdwCleaner[R3].txt - [1465 octets] - [07/08/2014 22:14:14]
AdwCleaner[S0].txt - [5858 octets] - [17/09/2013 21:51:19]
AdwCleaner[S1].txt - [1958 octets] - [10/04/2014 22:09:49]
AdwCleaner[S2].txt - [2107 octets] - [12/06/2014 23:13:21]
AdwCleaner[S3].txt - [1390 octets] - [07/08/2014 22:17:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1450 octets] ##########

 

JRT text log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Idalberto on Thu 08/07/2014 at 22:31:50.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/07/2014 at 22:37:34.01
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:8-08-2014
Ran by Idalberto (administrator) on HOMECOMPUTER on 07-08-2014 22:53:36
Running from C:\Documents and Settings\Idalberto\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(PrinterAnywhere) C:\Program Files\PrinterShare\paConsole.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe
(D-Link Corporation) C:\Program Files\D-Link\SharePort Utility\Connect.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~3\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-629881417-154295765-3782477037-1005\...\Run: [AnyDVD] => C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [503296 2006-12-15] (SlySoft, Inc.)
HKU\S-1-5-21-629881417-154295765-3782477037-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-629881417-154295765-3782477037-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-629881417-154295765-3782477037-1005\...\Run: [PrinterShare] => C:\Program Files\PrinterShare\paConsole.exe [1126400 2014-02-11] (PrinterAnywhere)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
Startup: C:\Documents and Settings\Beto\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\Doris\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\Idalberto\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\Idalberto\Start Menu\Programs\Startup\SharePort Utility.lnk
ShortcutTarget: SharePort Utility.lnk -> C:\Program Files\D-Link\SharePort Utility\Connect.exe (D-Link Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://secure.freshdelmonte.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.freshdelmonte.com/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Idalberto\Application Data\Mozilla\Firefox\Profiles\g48o80t9.default
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.0.34\ma\bin\npMotive.dll No File
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Idalberto\Application Data\Mozilla\Firefox\Profiles\g48o80t9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: D-Link Toolbar - C:\Documents and Settings\Idalberto\Application Data\Mozilla\Firefox\Profiles\g48o80t9.default\Extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac} [2012-05-18]
FF Extension: Personas Plus - C:\Documents and Settings\Idalberto\Application Data\Mozilla\Firefox\Profiles\g48o80t9.default\Extensions\personas@christopher.beard.xpi [2013-03-01]
FF Extension: NoScript - C:\Documents and Settings\Idalberto\Application Data\Mozilla\Firefox\Profiles\g48o80t9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-08-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-08-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.37\coFFFw
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-20]
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-08-07]
FF HKCU\...\Firefox\Extensions: [{2B665A81-579B-381D-3488-5989CCC97176}] - C:\Program Files\ver5TheBestDeals\176.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-12]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-07-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare; C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-03-15] (Palm) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [75536 2012-06-17] (SANDBOXIE L.T.D)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [26824 2006-12-15] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [100368 2012-02-05] (Advanced Micro Devices)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx86.sys [1101616 2014-06-06] (Symantec Corporation)
R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1504000.00D\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE07030.00C\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
S3 dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-14] (Symantec Corporation)
R2 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [15440 2006-12-13] (Elaborate Bytes AG)
R3 ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [11984 2006-12-13] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-14] (Symantec Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
R3 IDSxpx86; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140806.001\IDSxpx86.sys [383120 2014-06-13] (Symantec Corporation)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140729.004\NAVENG.SYS [93272 2014-06-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140729.004\NAVEX15.SYS [1612376 2014-06-14] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NEOFLTR_640_14811; C:\WINDOWS\system32\Drivers\NEOFLTR_640_14811.SYS [77608 2009-10-27] (Juniper Networks)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-07-09] (VSO Software) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [137488 2012-06-17] (SANDBOXIE L.T.D)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1504000.00D\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1504000.00D\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)
R2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [263944 2010-05-20] (silex technology, Inc.)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1504000.00D\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-06-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1504000.00D\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1504000.00D\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\DOCUME~1\IDALBE~1\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\IDALBE~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 hamachi; system32\DRIVERS\hamachi.sys [X]
U5 i8042prt; C:\Windows\System32\Drivers\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 22:53 - 2014-08-07 22:53 - 00024538 _____ () C:\Documents and Settings\Idalberto\Desktop\FRST.txt
2014-08-07 22:53 - 2014-08-07 22:53 - 00000000 ____D () C:\FRST
2014-08-07 22:52 - 2014-08-07 22:52 - 01084928 _____ (Farbar) C:\Documents and Settings\Idalberto\Desktop\frst.exe
2014-08-07 22:37 - 2014-08-07 22:37 - 00000616 _____ () C:\Documents and Settings\Idalberto\Desktop\JRT.txt
2014-08-07 22:23 - 2014-08-07 22:23 - 00001530 _____ () C:\Documents and Settings\Idalberto\Desktop\AdwCleaner[S3].txt
2014-08-07 22:13 - 2014-08-07 22:13 - 01475072 _____ () C:\Documents and Settings\Idalberto\Desktop\AdwCleaner.exe
2014-08-06 22:56 - 2014-08-06 22:55 - 03077584 ____N (Symantec Corporation) C:\Documents and Settings\Idalberto\Desktop\NPE(1).exe
2014-08-05 23:38 - 2014-08-05 23:38 - 00000000 ____D () C:\Avenger
2014-08-05 23:05 - 2014-08-07 22:53 - 00000000 ____D () C:\Documents and Settings\Idalberto\Local Settings\temp
2014-08-05 23:05 - 2014-08-07 22:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-05 23:05 - 2014-08-05 23:05 - 00017634 _____ () C:\ComboFix.txt
2014-08-05 23:05 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Doris\Local Settings\temp
2014-08-05 23:05 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Beto\Local Settings\temp
2014-08-05 23:05 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-04 11:05 - 2014-08-04 11:05 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-04 11:04 - 2014-08-05 22:10 - 00000000 ____D () C:\Program Files\005
2014-08-02 11:15 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-08-02 11:15 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2014-08-02 11:15 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-08-02 11:15 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-08-02 11:15 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-08-02 11:15 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2014-08-02 11:15 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-08-02 11:15 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-08-02 11:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2014-08-02 11:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2014-08-02 11:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2014-08-02 11:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2014-08-02 11:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2014-08-02 11:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2014-08-02 11:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2014-08-02 11:14 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2014-08-02 11:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2014-08-02 11:14 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2014-08-02 11:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-08-02 11:14 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2014-08-02 11:14 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2014-08-02 11:14 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2014-08-02 11:14 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2014-08-02 11:14 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2014-08-02 11:14 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2014-08-02 11:14 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2014-08-02 11:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2014-08-02 11:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2014-08-02 11:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2014-08-02 11:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2014-08-02 11:14 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2014-08-02 11:14 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2014-08-02 11:14 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2014-08-02 11:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2014-08-02 11:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2014-08-02 11:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2014-08-02 11:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2014-08-02 11:14 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2014-08-02 11:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2014-08-02 11:14 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2014-08-02 11:14 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2014-08-02 11:14 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2014-08-02 11:14 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2014-08-02 11:14 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2014-08-02 11:14 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2014-08-02 11:14 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2014-08-02 11:14 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2014-08-02 11:14 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2014-08-02 11:14 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2014-08-02 11:14 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2014-08-02 11:14 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2014-08-02 11:14 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2014-08-02 11:14 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2014-08-02 11:14 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2014-08-02 11:14 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2014-08-02 11:14 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2014-08-02 11:14 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2014-08-02 11:14 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2014-08-02 11:14 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2014-08-02 11:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2014-08-02 11:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2014-08-02 11:14 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2014-08-02 11:14 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2014-08-02 11:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2014-08-02 11:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2014-08-02 11:14 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2014-08-02 11:14 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2014-08-02 11:14 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2014-08-02 11:14 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2014-08-02 11:14 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2014-08-02 11:14 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2014-08-02 11:14 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2014-08-02 11:14 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2014-08-02 11:14 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2014-08-02 11:14 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2014-08-02 11:14 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2014-08-02 11:14 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2014-08-02 11:14 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2014-08-02 11:14 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2014-08-02 11:13 - 2014-08-02 11:14 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-08-01 18:11 - 2014-08-01 18:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-25 22:20 - 2014-07-25 22:31 - 00000000 ____D () C:\Documents and Settings\Idalberto\Desktop\The Big Lebowski (1998)
2014-07-20 15:56 - 2014-07-20 17:21 - 00137728 _____ () C:\Documents and Settings\Idalberto\Desktop\Copy of Conventional closing cost estimate.xls
2014-07-13 22:38 - 2014-07-13 22:38 - 00000000 ____D () C:\Program Files\PrintKey2000
2014-07-13 22:38 - 2014-07-13 22:38 - 00000000 ____D () C:\Documents and Settings\Idalberto\Start Menu\Programs\PrintKey2000
2014-07-12 13:12 - 2014-07-12 13:12 - 00001544 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-07-12 13:11 - 2014-07-12 13:12 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 13:11 - 2014-07-12 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-12 13:11 - 2014-07-12 13:11 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 22:53 - 2014-08-07 22:53 - 00024538 _____ () C:\Documents and Settings\Idalberto\Desktop\FRST.txt
2014-08-07 22:53 - 2014-08-07 22:53 - 00000000 ____D () C:\FRST
2014-08-07 22:53 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Idalberto\Local Settings\temp
2014-08-07 22:52 - 2014-08-07 22:52 - 01084928 _____ (Farbar) C:\Documents and Settings\Idalberto\Desktop\frst.exe
2014-08-07 22:49 - 2008-04-25 12:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-07 22:37 - 2014-08-07 22:37 - 00000616 _____ () C:\Documents and Settings\Idalberto\Desktop\JRT.txt
2014-08-07 22:33 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-08-07 22:30 - 2014-03-14 21:29 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-07 22:30 - 2008-04-25 17:28 - 01689865 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-07 22:29 - 2010-09-25 22:07 - 02582174 _____ () C:\WINDOWS\system32\http_ss.log
2014-08-07 22:29 - 2010-09-25 22:07 - 00000074 _____ () C:\WINDOWS\system32\log.log
2014-08-07 22:29 - 2008-04-25 17:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-07 22:29 - 2008-04-25 05:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-07 22:29 - 2008-04-25 05:25 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-08-07 22:28 - 2009-05-26 17:01 - 00151824 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-08-07 22:27 - 2009-05-28 22:43 - 00000278 ___SH () C:\Documents and Settings\Idalberto\ntuser.ini
2014-08-07 22:27 - 2009-05-28 22:43 - 00000000 ____D () C:\Documents and Settings\Idalberto
2014-08-07 22:27 - 2009-05-26 13:33 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-08-07 22:27 - 2008-04-25 17:32 - 00032580 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-07 22:23 - 2014-08-07 22:23 - 00001530 _____ () C:\Documents and Settings\Idalberto\Desktop\AdwCleaner[S3].txt
2014-08-07 22:20 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-07 22:17 - 2013-09-17 21:48 - 00000000 ____D () C:\AdwCleaner
2014-08-07 22:13 - 2014-08-07 22:13 - 01475072 _____ () C:\Documents and Settings\Idalberto\Desktop\AdwCleaner.exe
2014-08-07 22:12 - 2013-07-21 10:36 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{1A9E4D16-12C5-44D5-8E2C-050C0746948A}.job
2014-08-07 22:10 - 2012-08-28 22:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-07 12:19 - 2014-06-15 12:27 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NST
2014-08-07 11:07 - 2010-02-23 04:30 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-06 23:28 - 2014-06-12 23:36 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 23:22 - 2012-04-04 23:41 - 00000000 ____D () C:\Documents and Settings\Idalberto\Local Settings\Application Data\NPE
2014-08-06 23:14 - 2008-04-25 12:16 - 00000211 __RSH () C:\boot.ini
2014-08-06 22:59 - 2010-11-28 13:20 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-06 22:55 - 2014-08-06 22:56 - 03077584 ____N (Symantec Corporation) C:\Documents and Settings\Idalberto\Desktop\NPE(1).exe
2014-08-06 22:41 - 2012-08-10 21:08 - 00880049 _____ () C:\WINDOWS\setupapi.log
2014-08-06 21:26 - 2011-07-13 21:03 - 00000000 ____D () C:\Documents and Settings\Idalberto\Application Data\Skype
2014-08-06 20:28 - 2014-04-20 15:09 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-08-05 23:38 - 2014-08-05 23:38 - 00000000 ____D () C:\Avenger
2014-08-05 23:38 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-08-05 23:05 - 2014-08-05 23:05 - 00017634 _____ () C:\ComboFix.txt
2014-08-05 23:05 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Doris\Local Settings\temp
2014-08-05 23:05 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Beto\Local Settings\temp
2014-08-05 23:05 - 2014-08-05 23:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-05 23:05 - 2014-06-13 00:19 - 00000000 ____D () C:\Qoobox
2014-08-05 23:02 - 2008-04-25 12:16 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-05 22:42 - 2013-09-18 23:05 - 05567674 ____R (Swearware) C:\Documents and Settings\Idalberto\Desktop\ComboFix.exe
2014-08-05 22:25 - 2008-04-25 12:16 - 00000863 _____ () C:\WINDOWS\win.ini
2014-08-05 22:21 - 2013-07-21 10:40 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-05 22:10 - 2014-08-04 11:04 - 00000000 ____D () C:\Program Files\005
2014-08-05 21:44 - 2011-08-12 18:54 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-04 11:05 - 2014-08-04 11:05 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-04 07:12 - 2009-06-02 21:52 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-02 14:17 - 2013-05-21 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-08-02 11:20 - 2013-01-06 23:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-02 11:15 - 2008-04-25 17:27 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-08-02 11:14 - 2014-08-02 11:13 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-08-01 18:12 - 2014-08-01 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-25 22:39 - 2009-12-13 21:48 - 00000000 ____D () C:\Program Files\PeerBlock
2014-07-25 22:31 - 2014-07-25 22:20 - 00000000 ____D () C:\Documents and Settings\Idalberto\Desktop\The Big Lebowski (1998)
2014-07-25 22:15 - 2009-07-08 20:04 - 00000000 ____D () C:\Documents and Settings\Idalberto\Application Data\vlc
2014-07-25 21:34 - 2009-05-30 00:03 - 00000000 ____D () C:\Documents and Settings\Idalberto\Application Data\uTorrent
2014-07-24 23:00 - 2013-06-22 19:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJ
2014-07-24 10:52 - 2009-05-26 13:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:01 - 2010-06-03 21:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-20 17:21 - 2014-07-20 15:56 - 00137728 _____ () C:\Documents and Settings\Idalberto\Desktop\Copy of Conventional closing cost estimate.xls
2014-07-19 14:09 - 2010-09-30 23:24 - 00000000 ____D () C:\Documents and Settings\Idalberto\Local Settings\Application Data\Deployment
2014-07-13 22:38 - 2014-07-13 22:38 - 00000000 ____D () C:\Program Files\PrintKey2000
2014-07-13 22:38 - 2014-07-13 22:38 - 00000000 ____D () C:\Documents and Settings\Idalberto\Start Menu\Programs\PrintKey2000
2014-07-13 13:33 - 2014-06-15 12:42 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NIS
2014-07-13 13:31 - 2014-06-15 12:45 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
2014-07-13 13:31 - 2014-06-15 12:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
2014-07-12 13:12 - 2014-07-12 13:12 - 00001544 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-07-12 13:12 - 2014-07-12 13:11 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 13:12 - 2014-07-12 13:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-12 13:11 - 2014-07-12 13:11 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 13:11 - 2009-06-02 21:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-12 13:07 - 2009-05-26 21:08 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-07-12 11:36 - 2014-06-15 12:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
2014-07-09 03:23 - 2013-07-23 08:36 - 00859952 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-629881417-154295765-3782477037-1005-0.dat
2014-07-09 03:23 - 2013-07-23 08:36 - 00319694 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-07-09 03:07 - 2010-02-23 23:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-09 03:03 - 2013-07-13 23:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 03:00 - 2009-06-01 23:44 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 20:10 - 2012-05-10 23:20 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 20:10 - 2011-06-14 22:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 16:45 - 2014-03-14 21:29 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

Some content of TEMP:
====================
C:\Documents and Settings\Idalberto\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:8-08-2014
Ran by Idalberto at 2014-08-07 22:55:15
Running from C:\Documents and Settings\Idalberto\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Action Replay DSi Code Manager (HKLM\...\Action Replay DSi Code Manager_is1) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.851.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM\...\AnyDVD) (Version:  - SlySoft)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0213.2137 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.59-090213a-076426C-Dell - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version:  - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version:  - )
Canon MP620 series User Registration (HKLM\...\Canon MP620 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (Version: 2011.1205.2146.38999 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.1205.2146.38999 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2011.1205.2146.38999 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2011.1205.2146.38999 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help English (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help English (Version: 2011.1205.2145.38999 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help German (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Italian (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Japanese (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Korean (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Spanish (Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Turkish (Version: 2009.0213.2137.38808 - ATI) Hidden
ccc-core-preinstall (Version: 2009.0213.2138.38808 - ATI) Hidden
ccc-core-static (Version: 2009.0213.2138.38808 - ATI) Hidden
ccc-utility (Version: 2009.0213.2138.38808 - ATI) Hidden
ccc-utility (Version: 2011.1205.2146.38999 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CDCheck (HKLM\...\CDCheck) (Version:  - )
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
CloneDVDmobile (HKLM\...\CloneDVDmobile) (Version:  - SlySoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digimax Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.31 - Samsung)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DivxToDVD 0.5.2b (HKLM\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
GIMP 2.6.10 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
iExplorer 3.2.3.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java™ 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 6.4.0.14811 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.0.2.5745 - Juniper Networks)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LEGO Digital Designer (HKCU\...\New LEGO Digital Designer) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.30.1346.0 - Logitech) Hidden
MakeMKV v1.7.10 (HKLM\...\MakeMKV) (Version: v1.7.10 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM\...\{9EC63FE1-D017-460D-90B1-CCC97239AF73}) (Version: 1.5.304 - Sony)
Media Go Video Playback Engine 1.84.102.07010 (HKLM\...\{34EF7358-ABC7-8469-5FB6-C5C0146F099E}) (Version: 1.84.102.07010 - Sony)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft IntelliPoint 7.0 (HKLM\...\{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}) (Version: 7.0.260.0 - Microsoft)
Microsoft IntelliType Pro 7.0 (HKLM\...\{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}) (Version: 7.0.260.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.7 (HKLM\...\Wudf01007) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mkv2vob (HKLM\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.6 - 3r1c)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
MyTomTom 3.2.0.1116 (HKLM\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Nero 7 Ultra Edition (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.3.12 - Symantec Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.73 - Palm, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.03.00126 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.2.11.09227 - Sony Computer Entertainment Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PrinterShare 2.3.08 (HKLM\...\{5254CEC5-B126-4DA4-A744-F4DC51B5030D}) (Version: 2.3.8.0 - Printer Anywhere Inc.)
PrintKey2000 (HKLM\...\PrintKey2000) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rhapsody MP3 Download Manager (HKLM\...\{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}) (Version: 1.0.4.219 - RealNetworks)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG PC Share Manager (HKLM\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 4.0 - SAMSUNG)
SAMSUNG PC Share Manager (Version: 4.0 - SAMSUNG) Hidden
Samsung USB Driver (HKLM\...\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}) (Version:  - )
Sandboxie 3.72 (32-bit) (HKLM\...\Sandboxie) (Version: 3.72 - SANDBOXIE L.T.D)
Security & Shopping Advisor (HKLM\...\SecurityAndShoppingAdvisor) (Version: 1.0 - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SharePort Utility (HKLM\...\SharePort Utility) (Version: 1.1.0 - D-Link Corporation)
Skins (Version: 2009.0213.2138.38808 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{EDD1A5E4-AB02-4FB9-8579-FE5BB460D8BA}) (Version: 3.0.23129 - SlimWare Utilities, Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2009 WinPerFedFormset (Version: 009.000.1925 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0316 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0234 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (Version: 009.000.0145 - Intuit Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.18 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 1.0.0 (HKLM\...\VLC media player) (Version: 1.0.0 - VideoLAN Team)
VSO CopyToDVD 4 (HKLM\...\{870F1750-BA89-11DA-A94D-0800200C9A66}_is1) (Version: 4.0.5 - VSO Software)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WMP Tag Plus 1.2 (HKLM\...\{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1) (Version: 1.2 - BM-productions)
Wondershare Dr.Fone for iOS(Build 4.5.1.6) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.5.1.6 - Wondershare Software Co.,Ltd.)
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
Xiph.Org Open Codecs 0.84.17315 (HKLM\...\Open Codecs) (Version: 0.84.17315 - Xiph.Org)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XviD4PSP 5.0 (HKLM\...\XviD4PSP5) (Version: 5.0.37.8 r132 - Winnydows 2007-2008 and FCP-team 2009-2010)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{5C4094D7-4213-4C40-9E33-16A2D2D69EF2}\InprocServer32 -> C:\Program Files\Sony\PlayStation Store\StoreDrmUtility.dll (Sony Computer Entertainment Inc.)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-629881417-154295765-3782477037-1005_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================

11-05-2014 01:06:23 System Checkpoint
12-05-2014 01:37:21 System Checkpoint
13-05-2014 02:37:21 System Checkpoint
14-05-2014 02:19:08 Software Distribution Service 3.0
15-05-2014 02:37:21 System Checkpoint
16-05-2014 23:40:51 System Checkpoint
17-05-2014 02:46:38 Installed Java 7 Update 55
18-05-2014 03:30:06 System Checkpoint
19-05-2014 04:07:23 System Checkpoint
20-05-2014 05:01:40 System Checkpoint
21-05-2014 06:01:40 System Checkpoint
22-05-2014 16:12:40 System Checkpoint
23-05-2014 16:55:31 System Checkpoint
24-05-2014 17:29:01 System Checkpoint
25-05-2014 18:20:26 System Checkpoint
26-05-2014 20:00:37 System Checkpoint
27-05-2014 20:27:21 System Checkpoint
28-05-2014 21:26:16 System Checkpoint
29-05-2014 22:26:17 System Checkpoint
30-05-2014 22:46:31 System Checkpoint
31-05-2014 23:34:03 System Checkpoint
02-06-2014 00:41:50 System Checkpoint
03-06-2014 01:35:19 System Checkpoint
04-06-2014 01:57:04 System Checkpoint
05-06-2014 02:57:05 System Checkpoint
06-06-2014 03:57:03 System Checkpoint
07-06-2014 04:57:04 System Checkpoint
08-06-2014 05:57:04 System Checkpoint
09-06-2014 06:57:04 System Checkpoint
10-06-2014 07:57:08 System Checkpoint
11-06-2014 08:57:10 System Checkpoint
12-06-2014 01:04:22 Removed PrinterShare 2.3.06
12-06-2014 01:04:48 Printer Driver PrinterShare Installed
12-06-2014 01:41:05 Software Distribution Service 3.0
13-06-2014 02:59:48 Revo Uninstaller's restore point - TidyNetwork
13-06-2014 03:03:23 Revo Uninstaller's restore point - DesktopWeatherAlerts
13-06-2014 03:06:11 Revo Uninstaller's restore point - Search Protect
14-06-2014 03:36:06 System Checkpoint
15-06-2014 04:36:05 System Checkpoint
15-06-2014 16:24:43 Revo Uninstaller's restore point - Norton Internet Security
16-06-2014 17:03:42 System Checkpoint
17-06-2014 23:01:44 System Checkpoint
18-06-2014 23:03:41 System Checkpoint
20-06-2014 01:24:25 System Checkpoint
21-06-2014 04:23:47 System Checkpoint
22-06-2014 05:03:41 System Checkpoint
23-06-2014 05:57:44 System Checkpoint
24-06-2014 06:57:44 System Checkpoint
25-06-2014 07:00:00 System Checkpoint
26-06-2014 07:59:59 System Checkpoint
27-06-2014 08:59:57 System Checkpoint
28-06-2014 09:59:57 System Checkpoint
28-06-2014 16:27:17 Installed Java™ 6 Update 23
28-06-2014 16:40:36 Installed Java 7 Update 60
28-06-2014 17:05:49 Installed Java™ 6 Update 23
29-06-2014 17:41:02 System Checkpoint
30-06-2014 20:33:35 System Checkpoint
02-07-2014 00:37:18 System Checkpoint
03-07-2014 02:11:56 System Checkpoint
04-07-2014 02:38:31 System Checkpoint
05-07-2014 03:33:33 System Checkpoint
06-07-2014 04:33:48 System Checkpoint
07-07-2014 05:33:32 System Checkpoint
08-07-2014 06:33:33 System Checkpoint
09-07-2014 07:00:36 Software Distribution Service 3.0
10-07-2014 07:28:27 System Checkpoint
11-07-2014 07:45:52 System Checkpoint
12-07-2014 16:00:30 System Checkpoint
13-07-2014 16:38:11 System Checkpoint
14-07-2014 17:36:40 System Checkpoint
15-07-2014 18:36:40 System Checkpoint
16-07-2014 18:37:45 System Checkpoint
17-07-2014 19:36:41 System Checkpoint
18-07-2014 20:36:40 System Checkpoint
20-07-2014 01:59:35 System Checkpoint
21-07-2014 02:36:41 System Checkpoint
22-07-2014 03:36:41 System Checkpoint
23-07-2014 04:37:49 System Checkpoint
24-07-2014 05:36:40 System Checkpoint
24-07-2014 07:00:15 Software Distribution Service 3.0
25-07-2014 07:56:37 System Checkpoint
26-07-2014 08:44:55 System Checkpoint
27-07-2014 09:44:55 System Checkpoint
28-07-2014 23:01:10 System Checkpoint
29-07-2014 23:49:27 System Checkpoint
31-07-2014 00:49:27 System Checkpoint
01-08-2014 01:49:27 System Checkpoint
02-08-2014 01:50:32 System Checkpoint
02-08-2014 15:14:29 Installed DirectX
03-08-2014 19:41:51 System Checkpoint
04-08-2014 15:09:36 Installed LogMeIn Hamachi
05-08-2014 16:17:08 System Checkpoint
06-08-2014 02:09:09 Removed LogMeIn Hamachi
06-08-2014 02:13:34 Revo Uninstaller's restore point - OBRONA BlockAds
06-08-2014 02:19:00 Revo Uninstaller's restore point - MyPC Backup
07-08-2014 02:35:53 Revo Uninstaller's restore point - Garry's Mod
07-08-2014 02:48:25 Revo Uninstaller's restore point - Steam
07-08-2014 02:48:38 Removed Steam
07-08-2014 03:13:11 Norton_Power_Eraser_20140806231307000

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-25 12:16 - 2014-08-05 23:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1A9E4D16-12C5-44D5-8E2C-050C0746948A}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-07-16 17:23 - 2010-07-16 17:23 - 06638080 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
2010-05-13 14:39 - 2010-05-13 14:39 - 00672782 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\avformat-52.dll
2010-05-13 14:39 - 2010-05-13 14:39 - 04434958 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll
2010-05-13 14:39 - 2010-05-13 14:39 - 00069134 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\avutil-50.dll
2010-02-04 16:45 - 2010-02-04 16:45 - 00335360 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\PCAutoChapterLib.dll
2009-07-13 15:14 - 2009-07-13 15:14 - 00147456 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\libexpat.dll
2010-05-13 14:39 - 2010-05-13 14:39 - 00131086 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\swscale-0.dll
2010-01-20 10:48 - 2010-01-20 10:48 - 00057856 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\lang.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-09 15:15 - 2010-06-09 15:15 - 00417906 _____ () C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
2013-05-21 23:39 - 2008-01-22 13:35 - 00103808 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2010-03-16 22:04 - 2010-03-16 22:04 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-03-16 22:04 - 2010-03-16 22:04 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-13 01:37 - 2014-02-13 01:37 - 00284160 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\9db6b25969876689b6c24e55cafd26bb\VistaBridgeLibrary.ni.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-01-01 19:05 - 2010-05-20 23:50 - 00180224 ____N () C:\Program Files\D-Link\SharePort Utility\Svlscapi.dll
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2014 10:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 13924 HomeComputer.local.

Error: (08/07/2014 10:31:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.106:5353   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 25654 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 13924 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 3 lost: 57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 13924 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 003E75A8 Pkt Record:        57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 25654 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 3 lost: 57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 13924 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 003E75A8 Pkt Record:        57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 25654 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 2 won:  57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 25654 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 003E75A8 Pkt Record:        57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 13924 HomeComputer.local.

Error: (08/07/2014 10:31:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 3 lost: 57977DA9   26 De\032La\032Torre\032Family\032Computer._printershare._tcp.local. SRV 0 0 13924 HomeComputer.local.

System errors:
=============
Error: (08/07/2014 09:34:17 PM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (08/07/2014 00:26:29 PM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (08/07/2014 00:18:17 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (08/06/2014 00:02:32 PM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (08/06/2014 00:02:23 AM) (Source: 0) (EventID: 4) (User: )
Description:

Error: (08/05/2014 11:00:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The World Wide Web Publishing service terminated unexpectedly.  It has done this 4 time(s).

Error: (08/05/2014 11:00:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.  It has done this 4 time(s).

Error: (08/05/2014 11:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IIS Admin service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.

Error: (08/05/2014 10:58:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The World Wide Web Publishing service terminated unexpectedly.  It has done this 3 time(s).

Error: (08/05/2014 10:58:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.  It has done this 3 time(s).

Microsoft Office Sessions:
=========================
Error: (09/21/2010 10:19:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6539.500012.0.6425.1000310300

Error: (09/07/2010 09:20:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6535.500512.0.6425.10008660

Error: (07/29/2010 11:18:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6535.500512.0.6425.1000350240

Error: (06/11/2010 01:04:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.1000519420

Error: (05/16/2010 08:45:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.1000601540

Error: (04/18/2010 02:46:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.1000540

Error: (04/09/2010 09:25:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.1000350

Error: (04/08/2010 09:30:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.10008260

Error: (04/02/2010 10:27:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.100014560

Error: (03/23/2010 07:13:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: 6Microsoft Office Outlook12.0.6514.500012.0.6425.10009260

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3070.98 MB
Available physical RAM: 2060.42 MB
Total Pagefile: 4957.18 MB
Available Pagefile: 3892.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.25 GB) (Free:35.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=DB)

==================== End Of Log ============================

The computer seems to be working better now. No popups or ads are showing. Let me know what to do next.

Thank you very much for all your help.

Regards,

Idalberto



#4 fireman4it


Posted 08 August 2014 - 09:49 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (679 bytes)

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 idalman64


Posted 11 August 2014 - 11:32 PM

Hello Fireman4it, here are the results of the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-08-2014
Ran by Idalberto at 2014-08-12 00:28:25 Run:1
Running from C:\Documents and Settings\Idalberto\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF HKCU\...\Firefox\Extensions: [{2B665A81-579B-381D-3488-5989CCC97176}] - C:\Program Files\ver5TheBestDeals\176.xpi
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION
*****************

HKCU\Software\Mozilla\Firefox\Extensions\\{2B665A81-579B-381D-3488-5989CCC97176} => value deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION => Error: No automatic fix found for this entry.

==== End of Fixlog ====

Computer continues to be working fine. No more popups or ads showing up on both browsers. Let me know the next step at your convenience.

Thanks again for all your help.

Regards,

Idalberto



#6 fireman4it


Posted 12 August 2014 - 06:53 PM

Let's check for any leftovers.

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: [image: ESET1st.jpg]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the [image: ESETexe.jpg] icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image: ESETsave.jpg]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: [image: EOLS4.gif]
    (Selecting Uninstall application on close if you so wish)


#7 fireman4it


Posted 15 August 2014 - 05:38 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#8 idalman64


Posted 17 August 2014 - 10:14 PM

Hello Fireman4it. I was on vacation since Tuesday and I got back earlier today. My son starts school tomorrow so I will be logging off early.  I will run the last steps you sent last Tuesday tomorrow night and reply accordingly.

Sorry for not replying earlier and thanks again for following up.

Regards,

Idalberto



#9 idalman64


Posted 19 August 2014 - 09:52 PM

Hello Fireman4it. Here are the Malwarebytes log contents:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/18/2014
Scan Time: 10:37:57 PM
Logfile: Malwarebytes log 08182014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.02
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Idalberto

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424367
Time Elapsed: 12 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AllDaySavings, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\B021CBBD-E38E-4F8C-8E93-6624B0597A23, Quarantined, [85e97f49017ab87ea80eb1980400926e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.AdPeak.A, C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23, Quarantined, [8ce2a028364564d266d931adfd05b24e],

Files: 1
PUP.Optional.AdPeak.A, C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23\uninstaller.exe, Quarantined, [8ce2a028364564d266d931adfd05b24e],

Physical Sectors: 0
(No malicious items detected)

(end)

I tried running the ESET online scanner but it froze at 38 percent with no malicious items found. I am going to try to run it on Firefox to see if it completes and I will post the log tomorrow.

Thanks again for all your help.

Regards,

Idalberto
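
An added example (not from either poster, and not code from FRST or Malwarebytes): the Fixlog posted earlier reports two entries with "No automatic fix found", so this Python script parses the Fixlog result section and checks whether the Malwarebytes log above quarantined anything matching those leftovers. The log excerpts are copied from the posts in this thread; the function names, and the rule that any outcome not ending in "successfully." needs follow-up, are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the Fixlog and the Malwarebytes log posted in this thread.
FIXLOG = r'''Content of fixlist:
*****************
FF HKCU\...\Firefox\Extensions: [{2B665A81-579B-381D-3488-5989CCC97176}] - C:\Program Files\ver5TheBestDeals\176.xpi
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION
*****************

HKCU\Software\Mozilla\Firefox\Extensions\\{2B665A81-579B-381D-3488-5989CCC97176} => value deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION => Error: No automatic fix found for this entry.

==== End of Fixlog ====
'''

MBAM_LOG = r'''Registry Keys: 1
PUP.Optional.AllDaySavings, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\B021CBBD-E38E-4F8C-8E93-6624B0597A23, Quarantined, [85e97f49017ab87ea80eb1980400926e],
Folders: 1
PUP.Optional.AdPeak.A, C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23, Quarantined, [8ce2a028364564d266d931adfd05b24e],
Files: 1
PUP.Optional.AdPeak.A, C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23\uninstaller.exe, Quarantined, [8ce2a028364564d266d931adfd05b24e],
'''

GUID_RE = re.compile(r"[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}")
FILE_RE = re.compile(r"[\w.~-]+\.(?:dll|exe|sys|xpi)\b", re.IGNORECASE)


@dataclass
class FixResult:
    entry: str      # the fixlist entry as echoed in the result section
    outcome: str    # text after the last " => "
    fixed: bool     # assumption: only "... successfully." counts as fixed


def parse_fix_results(fixlog):
    """Parse the result lines that follow the second ***** separator.

    The fixlist echo between the separators also contains " => ", so only
    lines after the second separator are treated as results.
    """
    lines = fixlog.splitlines()
    seps = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(seps) < 2:
        raise ValueError("fixlist separators not found")
    results = []
    for line in lines[seps[1] + 1:]:
        line = line.strip()
        if line.startswith("==== End of Fixlog"):
            break
        # Split on the LAST " => " so the entry text itself stays intact.
        entry, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue
        results.append(FixResult(entry.strip('"'), outcome,
                                 outcome.endswith("successfully.")))
    return results


def indicators(entry):
    """GUIDs and file names in an entry, lowercased for matching."""
    return {m.lower() for m in GUID_RE.findall(entry) + FILE_RE.findall(entry)}


def quarantined_lines(scan_log):
    """Detection lines the follow-up scan reports as quarantined."""
    return [l.lower() for l in scan_log.splitlines() if ", quarantined," in l.lower()]


def triage(fixlog, scan_log):
    """Map each unresolved Fixlog entry to True if the later scan
    quarantined an item sharing a GUID or file name with it."""
    hits = quarantined_lines(scan_log)
    report = {}
    for r in parse_fix_results(fixlog):
        if r.fixed:
            continue
        ind = indicators(r.entry)
        report[r.entry] = any(i in line for i in ind for line in hits)
    return report


if __name__ == "__main__":
    for entry, covered in triage(FIXLOG, MBAM_LOG).items():
        status = "quarantined by follow-up scan" if covered else "no match in follow-up scan"
        print(f"{status}: {entry}")
```

Run against the logs in this thread, it reports the allday savings entry as covered by the later Malwarebytes quarantine and the npMozCouponPrinter.dll entry as having no matching item in that scan log.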



#10 idalman64


Posted 20 August 2014 - 09:59 PM

Hello Fireman4it, here are the log results from the ESET scan. Computer seems to be running fine with no issues detected on both browsers. Let me know what steps if any are next.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ae4815f4586d26438705ad44cacf8c62
# engine=19742
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-20 04:30:18
# local_time=2014-08-20 12:30:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 0 171015603 0 0
# scanned=144772
# found=1
# cleaned=1
# scan_time=4073
sh=559F4E252BFC47C41D9E7CF5C4C89C92DC55B683 ft=1 fh=8b0bf2daf836894b vn="a variant of Win32/InstallCore.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Idalberto\Desktop\cnet_MetaXSetup_msi.exe"
 

Thanks again for all your help.

Regards,

Idalberto



#11 fireman4it


Posted 21 August 2014 - 06:44 PM

Hello, idalman64.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-
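
The attachment rule from the list above (.exe, .com, .bat, .pif), as an added example that is not part of the original post: a small triage check a mail filter or helpdesk script could run over attachment names. The function names, the decoy-extension list and the sample file names are assumptions constructed for illustration.

```python
# Extensions the post says a casual user should almost never receive.
RISKY_EXTENSIONS = {".exe", ".com", ".bat", ".pif"}

# Assumption: document-like extensions that make "invoice.pdf.exe" look harmless
# when Windows hides the final extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt", ".zip"}


def extensions(filename):
    """Return every dot-separated extension of the base name, lowercased."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces when it opens a file,
    # so "patch.bat. " still runs as a batch file.
    base = base.rstrip(". ").lower()
    return ["." + part for part in base.split(".")[1:]]


def assess_attachment(filename):
    """Return the list of reasons to hold the attachment (empty if none)."""
    exts = extensions(filename)
    reasons = []
    if exts and exts[-1] in RISKY_EXTENSIONS:
        reasons.append("executable-extension")
        if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
            reasons.append("double-extension")
    return reasons


def triage(filenames):
    """Map each flagged attachment name to its reasons; clean names are omitted."""
    flagged = {}
    for name in filenames:
        reasons = assess_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from the thread.
    sample = ["report.pdf", "Setup.EXE", "invoice.pdf.exe",
              "game_patch.bat. ", "notes.com.txt", "README"]
    for name, reasons in triage(sample).items():
        print(f"HOLD {name!r}: {', '.join(reasons)}")
```

Only the final extension decides what Windows will run, which is why `notes.com.txt` passes while `invoice.pdf.exe` is held.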




#12 idalman64

Posted 21 August 2014 - 10:26 PM

Fireman4IT, Everything seems to be running fine. I will show this entire dialogue to my son so he can understand what can happen when you are on the internet and you are careless. I am doing most of the things you recommend and will try to incorporate any I may not be doing.

Thank you again for all your assistance.

Regards,

Idalberto



#13 fireman4it

Posted 23 August 2014 - 04:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





