
Not sure what's wrong.. Computer running slow.. Malware detected 347 threats


6 replies to this topic

#1 stubby97

  • Members
  • 27 posts
  • Gender:Male

Posted 14 October 2014 - 04:34 PM

Do not know what to do next.. I want to clean the computer.. There are 2 XP operating systems on this computer.. One on C: drive and one on D: drive....

 

I get a Warning Unresponsive plug-in all the time... ?????

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Owner at 14:04:31 on 2014-10-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.177 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\qttask.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [HitsBlender] "c:\program files\hitsblender\hitsblender.exe" -m
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\qttask.exe" -atboottime
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\smartm~1.lnk - c:\program files\smartmediaconverter\SmartMediaConverterApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - LocalServer32 - <no file>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1110960978312
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1864943381
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2BA3F0B6-003E-4E48-9EC4-F2D428589507} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5471C59A-7BE5-482E-88CD-2DFD149E5A58} : DHCPNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\x56r215a.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\skypewebplugin\3.1.15602.22612\npSkypeWebPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
FF - plugin: d:\program files\plugins\npqtplugin.dll
FF - plugin: d:\program files\plugins\npqtplugin2.dll
FF - plugin: d:\program files\plugins\npqtplugin3.dll
FF - plugin: d:\program files\plugins\npqtplugin4.dll
FF - plugin: d:\program files\plugins\npqtplugin5.dll
FF - plugin: d:\program files\plugins\npqtplugin6.dll
FF - plugin: d:\program files\plugins\npqtplugin7.dll
FF - ExtSQL: !HIDDEN! 2012-12-25 01:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 231960]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-10-14 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-10-14 968504]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [2009-1-27 485888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-28 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-14 114904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-1-6 13024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-1-27 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
UnknownUnknown mbamchameleon;mbamchameleon; [x]
.
=============== Created Last 30 ================
.
2014-10-14 19:51:27    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-14 19:50:05    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-10-14 08:38:42    8806800    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac49e46e-2ae9-429b-856f-971ecdfc8743}\mpengine.dll
2014-10-14 08:13:56    --------    d-----w-    c:\documents and settings\owner\AppData
2014-10-14 08:13:55    --------    d-----w-    c:\documents and settings\owner\local settings\application data\cache
2014-10-14 08:13:15    --------    d-----w-    c:\documents and settings\all users\application data\HitsBlender
2014-10-14 08:13:01    --------    d-----w-    c:\documents and settings\all users\application data\ef8c90d588ad58a2
2014-10-14 08:12:54    --------    d-----w-    c:\documents and settings\all users\application data\PriceLess
2014-10-14 08:12:24    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Comodo
2014-10-14 08:11:02    --------    d-----w-    c:\documents and settings\owner\application data\SimpleFiles
2014-10-14 01:40:48    --------    d-----w-    c:\program files\common files\Symantec Shared
2014-10-13 21:48:17    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2014-10-13 06:11:00    8806800    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-04 22:02:11    501912    ----a-w-    c:\windows\system32\PICSDK2.dll
2014-10-04 22:02:10    80024    ----a-w-    c:\windows\system32\PICSDK.dll
2014-10-04 22:02:10    51360    ----a-w-    c:\windows\system32\EpPicPrt.dll
2014-10-04 22:02:10    51360    ----a-w-    c:\windows\system32\EpPicMgr.dll
2014-10-04 22:02:10    108704    ----a-w-    c:\windows\system32\PICEntry.dll
2014-10-04 22:01:20    34304    ----a-w-    c:\windows\system32\E_FBCHAEA.DLL
2014-10-04 22:01:19    79679    ----a-w-    c:\windows\system32\E_FLMAEA.DLL
2014-10-04 22:01:19    64000    ----a-w-    c:\windows\system32\E_FBCBAEA.DLL
2014-10-04 22:00:31    --------    d-----w-    c:\program files\epson
2014-10-04 22:00:30    46080    ----a-w-    c:\windows\system32\escimgd.dll
2014-10-04 22:00:30    29696    ----a-w-    c:\windows\system32\escwiad.dll
2014-10-04 22:00:30    22016    ----a-w-    c:\windows\system32\esccmd.dll
2014-09-25 19:15:59    114288    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-09-25 19:15:57    74864    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-09-25 19:15:57    47216    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-09-25 19:15:57    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M  ====================
.
2014-10-01 18:20:26    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:20:20    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-24 01:50:30    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-24 01:50:27    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41:56    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-17 05:46:10    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-17 05:46:06    145408    ----a-w-    c:\windows\system32\javacpl.cpl
.
============= FINISH: 14:06:24.76 ===============

 

 




#2 nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 October 2014 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?

#3 stubby97

  • Topic Starter
  • Members
  • 27 posts
  • Gender:Male

Posted 21 October 2014 - 12:09 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 01
Ran by Owner (administrator) on RICKSTUBBS on 20-10-2014 21:58:28
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner & Terri & Administrator & Guest (Available profiles: Owner & Terri & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Computer, Inc.) D:\Program Files\qttask.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [KodakShareButtonApp] => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [108544 2012-10-11] (Eastman Kodak Company)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2004-08-25] (ATI Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => D:\Program Files\qttask.exe [155648 2013-10-29] (Apple Computer, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-13] ( (Microsoft Corporation))
HKU\S-1-5-21-2457527537-3034892722-2725093329-1006\...\Run: [KGShareApp] => C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
HKU\S-1-5-21-2457527537-3034892722-2725093329-1006\...\Run: [HitsBlender] => "C:\Program Files\HitsBlender\hitsblender.exe" -m
HKU\S-1-5-21-2457527537-3034892722-2725093329-1007\...\Run: [QuickTime Task] => D:\Program Files\qttask.exe [155648 2013-10-29] (Apple Computer, Inc.)
HKU\S-1-5-21-2457527537-3034892722-2725093329-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2457527537-3034892722-2725093329-1007\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-2457527537-3034892722-2725093329-1007\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-2457527537-3034892722-2725093329-500\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16680 2008-01-22] (Nero AG)
HKU\S-1-5-21-2457527537-3034892722-2725093329-501\...\Run: [QuickTime Task] => D:\Program Files\qttask.exe [155648 2013-10-29] (Apple Computer, Inc.)
HKU\S-1-5-21-2457527537-3034892722-2725093329-501\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAE37D566C5F3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - {E5D0B8E4-A518-4A2E-9EF6-E3E554B5AB5B} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1864943381
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2pqjj1pm.default-1413348957578
FF Homepage: https://www.facebook.com/?ref=tn_tnmn
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-27]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Wajam) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-13]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-13]
CHR Extension: (PriceLess) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohkhaeonghodjakopcmfgaldfglkgojd [2014-10-14]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [389120 2004-08-25] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-19] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 A3AB; C:\WINDOWS\System32\DRIVERS\A3AB.sys [547744 2007-05-23] (D-Link Corporation)
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation)
R3 atinewp2; C:\WINDOWS\System32\DRIVERS\atinewp2.sys [485888 2004-07-27] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-20] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2013-01-06] ()
S4 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 21:58 - 2014-10-20 21:59 - 00017369 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-10-20 21:58 - 2014-10-20 21:58 - 00000000 ____D () C:\FRST
2014-10-20 21:57 - 2014-10-20 21:57 - 01102336 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-10-20 19:18 - 2014-10-20 19:18 - 00011012 _____ () C:\Documents and Settings\Owner\Desktop\HitmanPro_20141020_1917.log
2014-10-19 23:31 - 2014-10-19 23:31 - 00006944 _____ () C:\Documents and Settings\Owner\Desktop\HitmanPro_20141019_2331.log
2014-10-19 03:31 - 2014-10-19 03:31 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-19 03:31 - 2014-10-19 03:30 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-19 03:31 - 2014-10-19 03:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-19 03:30 - 2014-10-19 03:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-19 03:30 - 2014-10-19 03:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-19 03:30 - 2014-10-19 03:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-19 03:30 - 2014-10-19 03:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-18 23:52 - 2014-10-18 23:52 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-18 01:24 - 2014-10-18 01:24 - 00002276 _____ () C:\Documents and Settings\Owner\My Documents\New Database2.odb
2014-10-17 18:27 - 2014-10-17 18:27 - 00000581 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-10-17 18:14 - 2014-10-17 18:14 - 00003094 _____ () C:\WINDOWS\system32\.crusader
2014-10-17 18:01 - 2014-10-17 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-10-17 17:44 - 2014-10-17 17:46 - 10280824 _____ (SurfRight B.V.) C:\Documents and Settings\Owner\Desktop\HitmanPro.exe
2014-10-16 22:26 - 2014-10-16 22:26 - 01705698 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT(1).exe
2014-10-16 21:59 - 2014-10-16 22:00 - 01976320 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner_4.000.exe
2014-10-14 23:24 - 2014-10-14 23:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-14 21:56 - 2014-10-14 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Old Firefox Data
2014-10-14 15:03 - 2014-10-14 15:03 - 00000049 _____ () C:\MalwarebytesScan.txt
2014-10-14 14:06 - 2014-10-18 00:46 - 00026287 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-10-14 14:06 - 2014-10-18 00:46 - 00010400 _____ () C:\Documents and Settings\Owner\Desktop\dds.txt
2014-10-14 14:02 - 2014-10-14 14:02 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-10-14 12:51 - 2014-10-20 20:55 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 12:50 - 2014-10-14 12:50 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-14 12:50 - 2014-10-14 12:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-14 12:50 - 2014-10-14 12:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-14 12:49 - 2014-10-14 12:49 - 00000919 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to mbam-setup.exe.lnk
2014-10-14 01:13 - 2014-10-14 01:13 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\cache
2014-10-14 01:13 - 2014-10-14 01:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitsBlender
2014-10-14 01:13 - 2014-10-14 01:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ef8c90d588ad58a2
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\Terri\Local Settings\Application Data\Comodo
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Comodo
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo
2014-10-14 01:12 - 2014-10-14 01:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2014-10-14 01:11 - 2014-10-14 01:11 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-10-14 01:11 - 2014-10-14 01:11 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-10-14 01:11 - 2014-10-14 01:11 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-10-14 01:11 - 2014-10-14 01:11 - 00000000 ____D () C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google
2014-10-14 01:11 - 2014-10-14 01:11 - 00000000 ____D () C:\Documents and Settings\ASPNET
2014-10-14 01:11 - 2014-10-14 01:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-10-13 18:40 - 2014-10-14 01:25 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-13 14:48 - 2014-10-13 14:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-10-12 21:26 - 2014-10-12 21:26 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\LimeWire
2014-10-08 13:04 - 2014-10-08 13:04 - 00000218 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
2014-10-06 15:47 - 2014-10-06 15:47 - 00000581 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to Pro Moving Services.lnk
2014-10-04 15:02 - 2014-10-04 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\InstallShield
2014-10-04 15:02 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicPrt.dll
2014-10-04 15:02 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicMgr.dll
2014-10-04 15:02 - 2006-10-31 00:10 - 00000097 _____ () C:\WINDOWS\system32\PICSDK.ini
2014-10-04 15:02 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK2.dll
2014-10-04 15:02 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICEntry.dll
2014-10-04 15:02 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK.dll
2014-10-04 15:02 - 2004-03-03 06:10 - 00073220 _____ () C:\WINDOWS\system32\EPPICPrinterDB.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00031053 _____ () C:\WINDOWS\system32\EPPICPattern131.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00029114 _____ () C:\WINDOWS\system32\EPPICPattern1.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00027417 _____ () C:\WINDOWS\system32\EPPICPattern121.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00021021 _____ () C:\WINDOWS\system32\EPPICPattern3.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00015670 _____ () C:\WINDOWS\system32\EPPICPattern5.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00013280 _____ () C:\WINDOWS\system32\EPPICPattern2.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00012669 _____ () C:\WINDOWS\system32\EPPICLocal_EN.cfg
2014-10-04 15:02 - 2004-03-03 06:10 - 00010673 _____ () C:\WINDOWS\system32\EPPICPattern4.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00006478 _____ () C:\WINDOWS\system32\EPPICLocal_PT.cfg
2014-10-04 15:02 - 2004-03-03 06:10 - 00006478 _____ () C:\WINDOWS\system32\EPPICLocal_BP.cfg
2014-10-04 15:02 - 2004-03-03 06:10 - 00006366 _____ () C:\WINDOWS\system32\EPPICLocal_FR.cfg
2014-10-04 15:02 - 2004-03-03 06:10 - 00006366 _____ () C:\WINDOWS\system32\EPPICLocal_CF.cfg
2014-10-04 15:02 - 2004-03-03 06:10 - 00006226 _____ () C:\WINDOWS\system32\EPPICLocal_ES.cfg
2014-10-04 15:02 - 2004-03-03 06:10 - 00004943 _____ () C:\WINDOWS\system32\EPPICPattern6.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00001140 _____ () C:\WINDOWS\system32\EPPICPresetData_PT.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00001140 _____ () C:\WINDOWS\system32\EPPICPresetData_BP.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00001137 _____ () C:\WINDOWS\system32\EPPICPresetData_ES.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00001130 _____ () C:\WINDOWS\system32\EPPICPresetData_FR.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00001130 _____ () C:\WINDOWS\system32\EPPICPresetData_CF.dat
2014-10-04 15:02 - 2004-03-03 06:10 - 00001104 _____ () C:\WINDOWS\system32\EPPICPresetData_EN.dat
2014-10-04 15:01 - 2014-10-04 15:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-10-04 15:01 - 2004-11-25 05:07 - 00079679 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FLMAEA.DLL
2014-10-04 15:01 - 2003-05-21 02:27 - 00064000 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FBCBAEA.DLL
2014-10-04 15:01 - 2000-06-07 01:01 - 00034304 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FBCHAEA.DLL
2014-10-04 15:00 - 2014-10-04 15:01 - 00000000 ____D () C:\Program Files\epson
2014-10-04 15:00 - 2014-10-04 15:00 - 00000665 _____ () C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2014-10-04 15:00 - 2014-10-04 15:00 - 00000031 _____ () C:\WINDOWS\EPSMTL32.TXT
2014-10-04 15:00 - 2014-10-04 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
2014-10-04 15:00 - 2005-02-25 00:00 - 00046080 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\escimgd.dll
2014-10-04 15:00 - 2005-02-25 00:00 - 00029696 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\escwiad.dll
2014-10-04 15:00 - 2005-02-25 00:00 - 00022016 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\esccmd.dll
2014-10-01 13:42 - 2014-10-01 13:44 - 00022276 _____ () C:\Documents and Settings\Owner\My Documents\RickStubbs2014Resume.odt
2014-10-01 10:42 - 2014-10-01 10:42 - 00019167 _____ () C:\Documents and Settings\Owner\My Documents\TerriPegeloResume2014.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 21:59 - 2013-01-28 03:16 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C0BEB84-D4D0-4B9B-896B-8E25B7646F76}.job
2014-10-20 21:59 - 2009-01-27 15:27 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-10-20 21:48 - 2014-07-05 16:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-20 21:19 - 2014-04-04 03:37 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-10-20 20:09 - 2005-01-09 18:19 - 00032034 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-20 15:31 - 2009-01-27 18:10 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\CyberLink DVD Suite
2014-10-20 15:30 - 2014-03-27 13:03 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-20 15:25 - 2005-01-09 18:10 - 01640492 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-20 15:24 - 2005-01-09 18:07 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-20 15:24 - 2005-01-09 10:03 - 00000237 _____ () C:\WINDOWS\wiadebug.log
2014-10-20 15:24 - 2005-01-09 10:03 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-20 15:23 - 2005-01-09 18:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-20 15:22 - 2012-12-28 19:47 - 00000178 ___SH () C:\Documents and Settings\Terri\ntuser.ini
2014-10-20 15:18 - 2012-12-28 19:47 - 00000000 ____D () C:\Documents and Settings\Terri\Local Settings\Temp
2014-10-20 14:37 - 2012-12-28 19:48 - 00000000 ____D () C:\Documents and Settings\Terri\Start Menu\Programs\CyberLink DVD Suite
2014-10-20 06:16 - 2009-01-27 15:27 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-10-19 23:32 - 2005-01-09 18:19 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-10-19 03:12 - 2014-07-06 00:17 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-10-19 03:12 - 2014-07-05 16:54 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-19 03:12 - 2014-07-05 16:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-19 03:05 - 2005-01-09 09:59 - 00371443 _____ () C:\WINDOWS\setupact.log
2014-10-19 03:00 - 2005-01-09 16:48 - 00012724 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-19 03:00 - 2005-01-09 09:59 - 00967544 _____ () C:\WINDOWS\setupapi.log
2014-10-19 02:44 - 2013-10-29 21:41 - 00000000 ____D () C:\AdwCleaner
2014-10-17 18:29 - 2014-07-23 17:47 - 00003112 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2014-10-16 23:13 - 2014-04-09 19:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-10-16 21:15 - 2013-08-13 20:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 21:15 - 2005-01-09 10:00 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 20:57 - 2005-01-09 16:49 - 00000197 ___SH () C:\boot.ini
2014-10-16 20:57 - 2005-01-09 16:48 - 00000491 _____ () C:\WINDOWS\win.ini
2014-10-16 20:57 - 2005-01-09 16:48 - 00000246 _____ () C:\WINDOWS\system.ini
2014-10-16 16:50 - 2005-01-09 18:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-16 16:31 - 2009-01-27 16:45 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 23:36 - 2012-12-26 23:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-14 12:50 - 2013-10-28 09:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes
2014-10-14 12:50 - 2013-10-28 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-14 01:55 - 2013-02-19 22:01 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2014-10-14 01:54 - 2005-03-14 02:26 - 00074240 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-14 01:47 - 2012-12-28 01:17 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-14 01:26 - 2013-01-07 19:48 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-10-14 01:13 - 2014-07-06 23:26 - 00000532 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-10-14 01:13 - 2009-01-27 15:27 - 00000000 ____D () C:\Documents and Settings\Owner
2014-10-14 01:12 - 2012-12-26 19:25 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2014-10-13 21:57 - 2013-02-01 16:36 - 00067072 ___SH () C:\Documents and Settings\Owner\My Documents\Thumbs.db
2014-10-08 15:00 - 2014-03-27 13:03 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-10-08 13:05 - 2013-11-07 22:29 - 00000000 ____D () C:\Documents and Settings\Owner\.gconfd
2014-10-08 13:04 - 2013-01-16 04:37 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Practice Files
2014-10-08 12:59 - 2013-11-07 22:29 - 00000000 ____D () C:\Documents and Settings\Owner\.gconf
2014-10-04 15:00 - 2005-01-09 09:50 - 00000000 ____D () C:\WINDOWS\twain_32
2014-10-01 11:20 - 2014-08-03 21:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:20 - 2013-10-28 09:31 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-21 23:41 - 2013-01-16 20:31 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Documents and Settings\Owner\gnucash-2.4.13-setup.exe


Some content of TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\NeroSearchTrayHook_{993C44BA-C237-4A35-A1FD-3261BD45D97C}.dll
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014 01
Ran by Owner at 2014-10-20 21:59:50
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1010 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5120 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.051-040825a-019641C-Dell - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.6.0.2 (HKCU\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
GnuCash 2.4.13 (HKLM\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM\...\{6A85286D-BA0F-4318-8C30-AD74A33AAD36}) (Version: 3.51.28 - Oracle Corporation)
Nero 7 Essentials (HKLM\...\{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}) (Version: 7.03.1152 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
QuickTime (HKLM\...\InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}) (Version: 7.0.2 - Apple Computer, Inc.)
QuickTime (Version: 7.0.2 - Apple Computer, Inc.) Hidden
RPS CADR (Version: 9.0.54 - Radialpoint SafeCare Inc.) Hidden
RPS CRT (Version: 9.0.54 - Radialpoint SafeCare Inc.) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version:  - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Web Plugin (HKLM\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Easy Transfer for Windows 7 (HKLM\...\WET7Cable) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZoneAlarm Security Toolbar  (Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{20C62CA0-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\WINDOWS\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{20C62CAB-15DA-101B-B9A8-444553540000}\InprocServer32 -> C:\WINDOWS\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{59245250-7A2F-11D0-9482-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msbind.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{BB1AE0D0-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{BB1AE0D1-634E-11CF-8996-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\msmapi32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\WINDOWS\system32\MSCOMCTL.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2457527537-3034892722-2725093329-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)

==================== Restore Points  =========================

23-07-2014 11:50:55 Software Distribution Service 3.0
24-07-2014 04:19:19 Software Distribution Service 3.0
24-07-2014 04:36:33 Software Distribution Service 3.0
24-07-2014 17:46:02 Software Distribution Service 3.0
25-07-2014 22:49:15 Software Distribution Service 3.0
26-07-2014 23:10:08 Software Distribution Service 3.0
28-07-2014 00:27:42 System Checkpoint
28-07-2014 06:23:29 Software Distribution Service 3.0
28-07-2014 21:59:09 Software Distribution Service 3.0
29-07-2014 22:17:03 Software Distribution Service 3.0
30-07-2014 22:19:31 Software Distribution Service 3.0
31-07-2014 22:51:12 Software Distribution Service 3.0
02-08-2014 01:47:07 Software Distribution Service 3.0
03-08-2014 01:47:25 Software Distribution Service 3.0
04-08-2014 04:22:51 Software Distribution Service 3.0
04-08-2014 05:50:33 Software Distribution Service 3.0
05-08-2014 04:23:55 Software Distribution Service 3.0
06-08-2014 05:18:29 System Checkpoint
06-08-2014 09:54:59 Software Distribution Service 3.0
07-08-2014 22:04:36 Software Distribution Service 3.0
08-08-2014 23:32:27 System Checkpoint
09-08-2014 03:33:09 Software Distribution Service 3.0
09-08-2014 19:34:14 Installed StudioTax 2013
10-08-2014 19:12:34 Software Distribution Service 3.0
11-08-2014 22:51:36 System Checkpoint
12-08-2014 01:12:15 Software Distribution Service 3.0
13-08-2014 01:59:44 System Checkpoint
13-08-2014 20:46:12 Software Distribution Service 3.0
14-08-2014 20:52:04 System Checkpoint
14-08-2014 21:17:53 Software Distribution Service 3.0
15-08-2014 21:18:03 Software Distribution Service 3.0
16-08-2014 05:27:22 Software Distribution Service 3.0
16-08-2014 22:03:41 Software Distribution Service 3.0
17-08-2014 05:45:31 Removed Java 7 Update 45
17-08-2014 05:45:56 Installed Java 7 Update 67
18-08-2014 05:50:00 Software Distribution Service 3.0
19-08-2014 05:51:23 System Checkpoint
20-08-2014 03:00:13 Software Distribution Service 3.0
21-08-2014 08:58:07 System Checkpoint
22-08-2014 01:40:41 Software Distribution Service 3.0
23-08-2014 03:06:22 System Checkpoint
23-08-2014 16:05:39 Software Distribution Service 3.0
24-08-2014 03:47:24 Installed Skype Web Plugin
24-08-2014 16:05:48 Software Distribution Service 3.0
25-08-2014 04:24:51 Removed StudioTax 2013
25-08-2014 04:42:33 Configured SoundMAX
25-08-2014 04:42:47 Installed SoundMAX
25-08-2014 06:00:59 Software Distribution Service 3.0
26-08-2014 04:57:10 Software Distribution Service 3.0
27-08-2014 05:10:44 Software Distribution Service 3.0
28-08-2014 18:00:16 Software Distribution Service 3.0
29-08-2014 18:00:22 Software Distribution Service 3.0
30-08-2014 18:03:19 Software Distribution Service 3.0
31-08-2014 23:20:21 Software Distribution Service 3.0
01-09-2014 06:29:18 Software Distribution Service 3.0
01-09-2014 23:20:57 Software Distribution Service 3.0
02-09-2014 23:20:48 Software Distribution Service 3.0
03-09-2014 23:50:16 System Checkpoint
04-09-2014 19:33:34 Software Distribution Service 3.0
05-09-2014 19:37:01 Software Distribution Service 3.0
06-09-2014 19:35:10 Software Distribution Service 3.0
07-09-2014 19:47:26 Software Distribution Service 3.0
08-09-2014 06:22:40 Software Distribution Service 3.0
08-09-2014 19:40:18 Software Distribution Service 3.0
09-09-2014 19:39:39 Software Distribution Service 3.0
10-09-2014 19:43:41 Software Distribution Service 3.0
11-09-2014 19:44:36 Software Distribution Service 3.0
11-09-2014 23:25:43 Software Distribution Service 3.0
12-09-2014 19:46:19 Software Distribution Service 3.0
13-09-2014 19:44:48 Software Distribution Service 3.0
14-09-2014 20:28:01 Software Distribution Service 3.0
15-09-2014 05:54:30 Software Distribution Service 3.0
15-09-2014 19:52:48 Software Distribution Service 3.0
16-09-2014 21:28:10 System Checkpoint
17-09-2014 19:10:54 Software Distribution Service 3.0
18-09-2014 19:12:14 Software Distribution Service 3.0
19-09-2014 20:04:59 System Checkpoint
19-09-2014 20:56:32 Software Distribution Service 3.0
20-09-2014 21:33:24 System Checkpoint
21-09-2014 13:18:05 Software Distribution Service 3.0
22-09-2014 06:25:59 Software Distribution Service 3.0
23-09-2014 07:16:21 System Checkpoint
23-09-2014 17:44:46 Software Distribution Service 3.0
24-09-2014 21:00:39 Software Distribution Service 3.0
25-09-2014 23:01:13 Software Distribution Service 3.0
26-09-2014 23:10:47 Software Distribution Service 3.0
27-09-2014 23:21:03 System Checkpoint
28-09-2014 02:54:15 Software Distribution Service 3.0
29-09-2014 03:17:14 Software Distribution Service 3.0
30-09-2014 04:15:50 Software Distribution Service 3.0
01-10-2014 06:09:16 System Checkpoint
01-10-2014 13:57:37 Software Distribution Service 3.0
02-10-2014 14:11:38 Software Distribution Service 3.0
03-10-2014 15:37:09 Software Distribution Service 3.0
04-10-2014 16:44:09 Software Distribution Service 3.0
05-10-2014 18:37:53 Software Distribution Service 3.0
06-10-2014 05:59:03 Software Distribution Service 3.0
07-10-2014 07:57:31 System Checkpoint
07-10-2014 13:14:50 Software Distribution Service 3.0
08-10-2014 15:36:45 Software Distribution Service 3.0
09-10-2014 17:05:43 Software Distribution Service 3.0
10-10-2014 17:06:22 System Checkpoint
10-10-2014 18:29:13 Software Distribution Service 3.0
11-10-2014 19:45:04 Software Distribution Service 3.0
12-10-2014 23:16:12 Software Distribution Service 3.0
13-10-2014 06:10:43 Software Distribution Service 3.0
13-10-2014 21:50:26 Removed FULL-DISKfighter.
14-10-2014 08:38:30 Software Distribution Service 3.0
15-10-2014 08:41:03 System Checkpoint
15-10-2014 12:21:24 Software Distribution Service 3.0
16-10-2014 16:10:45 Software Distribution Service 3.0
16-10-2014 23:27:22 Software Distribution Service 3.0
17-10-2014 04:17:11 Restore Operation
17-10-2014 17:13:07 Software Distribution Service 3.0
18-10-2014 01:13:17 Checkpoint by HitmanPro
18-10-2014 01:14:43 Checkpoint by HitmanPro
18-10-2014 07:39:23 Checkpoint by HitmanPro
18-10-2014 18:15:12 Software Distribution Service 3.0
19-10-2014 10:29:58 Removed Java 7 Update 67
19-10-2014 10:30:22 Installed Java 7 Update 71
20-10-2014 00:05:18 Software Distribution Service 3.0
20-10-2014 06:25:19 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-01-27 13:42 - 2004-08-10 12:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C0BEB84-D4D0-4B9B-896B-8E25B7646F76}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2005-01-09 16:48 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-01-09 16:48 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2009-01-27 13:41 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2009-01-27 13:43 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2005-01-09 16:48 - 2005-08-05 21:06 - 00165376 ____N () C:\WINDOWS\system32\mpg2splt.ax
2005-01-09 16:48 - 2005-08-05 22:01 - 00159744 ____N () C:\WINDOWS\system32\VBICodec.ax
2005-01-09 16:48 - 2011-10-14 18:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
2009-01-27 18:10 - 2007-05-13 19:54 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2012-11-29 14:59 - 2013-08-07 12:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\TEMP:pid1
AlternateDataStreams: C:\TEMP:pid2
AlternateDataStreams: C:\TEMP:rnd.dat
AlternateDataStreams: C:\TEMP:srv
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A4D9436
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\ESETscan.txt:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\ESETscan.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38220059.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38220059.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => 1
MSCONFIG\startupreg: BingDesktop =>
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: EPSON Stylus CX4200 Series => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200"
MSCONFIG\startupreg: Free Download Manager793683.exe => "C:\DOCUME~1\Owner\LOCALS~1\Temp\Free Download Manager793683.exe" /XML="C:\DOCUME~1\Owner\LOCALS~1\Temp\3A.tmp" /ROS /STP=1:2
MSCONFIG\startupreg: fst_ca_170 =>
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files\qttask.exe" -atboottime
MSCONFIG\startupreg: WROReminder =>

========================= Accounts: ==========================

Administrator (S-1-5-21-2457527537-3034892722-2725093329-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2457527537-3034892722-2725093329-1003 - Limited - Enabled)
Guest (S-1-5-21-2457527537-3034892722-2725093329-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2457527537-3034892722-2725093329-1005 - Limited - Disabled)
Owner (S-1-5-21-2457527537-3034892722-2725093329-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-2457527537-3034892722-2725093329-1002 - Limited - Disabled)
Terri (S-1-5-21-2457527537-3034892722-2725093329-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Terri

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 08:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 11.0.5510.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
Processing media-specific event for [outlook.exe!ws!]

Error: (10/14/2014 10:03:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/14/2014 02:05:27 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.11005.0, P3 1.185.3194.0, P4 1.185.3194.0, P5 0000055520ab5885_bf8ac453d7e6a6ede5ae7fad58ec7d0e8b14a34f, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (10/14/2014 01:11:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/13/2014 08:46:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Nss.exe, version 4.1.0.31, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/13/2014 01:04:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application moviemk.exe, version 2.1.4028.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/12/2014 09:28:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/07/2014 05:27:24 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.11005.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/07/2014 04:03:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application soffice.bin, version 4.0.9714.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/04/2014 03:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application deviceop.exe, version 2.3.0.1, faulting module deviceop.exe, version 2.3.0.1, fault address 0x000184b8.
Processing media-specific event for [deviceop.exe!ws!]


System errors:
=============
Error: (10/20/2014 09:19:00 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (10/20/2014 09:13:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2014 09:09:02 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (10/20/2014 09:08:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (10/20/2014 09:06:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PLFlash DeviceIoControl Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2014 09:05:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2014 09:05:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2014 03:33:52 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (10/20/2014 03:23:54 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (10/20/2014 02:27:56 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.


Microsoft Office Sessions:
=========================
Error: (10/16/2014 08:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: outlook.exe11.0.5510.0kernel32.dll5.1.2600.653200012fd3

Error: (10/14/2014 10:03:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.5379mozalloc.dll32.0.3.53790000141b

Error: (10/14/2014 02:05:27 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.11005.01.185.3194.01.185.3194.00000055520ab5885_bf8ac453d7e6a6ede5ae7fad58ec7d0e8b14a34fNILNILNILNILNIL

Error: (10/14/2014 01:11:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.5379mozalloc.dll32.0.3.53790000141b

Error: (10/13/2014 08:46:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Nss.exe4.1.0.31hungapp0.0.0.000000000

Error: (10/13/2014 01:04:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: moviemk.exe2.1.4028.0hungapp0.0.0.000000000

Error: (10/12/2014 09:28:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.5379mozalloc.dll32.0.3.53790000141b

Error: (10/07/2014 05:27:24 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.11005.0mpengine0unspecifiedNILNILNIL

Error: (10/07/2014 04:03:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: soffice.bin4.0.9714.500hungapp0.0.0.000000000

Error: (10/04/2014 03:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: deviceop.exe2.3.0.1deviceop.exe2.3.0.1000184b8


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 1022.09 MB
Available physical RAM: 647.81 MB
Total Pagefile: 2458.19 MB
Available Pagefile: 2151.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:367.91 GB) (Free:331.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:367.91 GB) (Free:302.5 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 372.6 GB) (Disk ID: 14CB14CB)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=367.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: EB275B50)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=367.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:37 AM

Posted 21 October 2014 - 09:44 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKU\S-1-5-21-2457527537-3034892722-2725093329-1007\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Wajam) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm\10.16.340.9_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S4 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
AlternateDataStreams: C:\TEMP:pid1
AlternateDataStreams: C:\TEMP:pid2
AlternateDataStreams: C:\TEMP:rnd.dat
AlternateDataStreams: C:\TEMP:srv
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A4D9436
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\ESETscan.txt:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\ESETscan.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:37 AM

Posted 27 October 2014 - 08:40 AM

Are you still with me?

#6 stubby97

stubby97
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Male
  • Local time:05:37 AM

Posted 27 October 2014 - 03:14 PM

I put the fixlist.text in the FRST folder where I found the FRST.text and additional file. Is this the right place? 'Cause it's telling me it's the wrong folder.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:37 AM

Posted 28 October 2014 - 07:50 AM

The Farbar tool is running from C:\Documents and Settings\Owner\Desktop
Place the file on your desktop and run the fix.



