Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

incredibly slow computer - can't find malware [Closed]


  • This topic is locked This topic is locked

#1
Lee07666

Lee07666

    Member

  • Member
  • PipPip
  • 34 posts

vostro 200, windows xp.

i know it's old, i know it's not supported anymore, and when i can afford it i'll buy a new one!

in the meantime, just within the last week, my pc has been moving at an unbearably slow pace. opening files, folder, and especially when opening new tabs in chrome (delays in typed text appearing and then pulling up the new url).

i can't find malware. hope you can help me!

 

OTL:

 

OTL logfile created on: 8/25/2014 10:22:16 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Aliza\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.04% Memory free
3.84 Gb Paging File | 2.50 Gb Available in Paging File | 65.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 21.30 Gb Free Space | 14.30% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Aliza\My Documents\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Documents and Settings\Aliza\desktop\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
MOD - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
MOD - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ()
MOD - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll ()
MOD - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
MOD - C:\Program Files\Flip Video\FlipShare\Core.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\qca2.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtGui4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtCore4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtXml4.dll ()
MOD - C:\Program Files\Flip Video\FlipShare\QtSql4.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\ddmon.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (DellAMBrokerService) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NVIDIAHWAccess) -- C:\Documents and Settings\Aliza\Application Data\NVIDIA\HWAccess.sys File not found
DRV - (mbr) -- C:\DOCUME~1\Aliza\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Aliza\LOCALS~1\Temp\catchme.sys File not found
DRV - (aktbdow) -- System32\drivers\qiov.sys File not found
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverl) -- C:\WINDOWS\system32\drivers\avgidsdriverlx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (evserial) -- C:\WINDOWS\system32\drivers\evserial.sys (ELTIMA Software)
DRV - (VSBC) -- C:\WINDOWS\system32\drivers\evsbc.sys (ELTIMA Software)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (datunidr) -- C:\WINDOWS\system32\drivers\datunidr.sys (Gteko Ltd.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (P1131VID) -- C:\WINDOWS\system32\drivers\P1131Vid.sys (Creative Technology Ltd.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {933F3547-731C-4CA9-B7F0-99F219C69580}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{933F3547-731C-4CA9-B7F0-99F219C69580}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{99E9600A-FD81-4DD5-BB3A-910315EF4A26}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...ogle Search&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..extensions.enabledAddons: %7B21b88860-5e00-44dd-bdac-fca1f791837e%7D:0.2.0.10
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "https://search.yahoo...type=282369&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Aliza\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Aliza\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/30 21:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/08/11 12:50:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/14 18:23:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Aliza\Application Data\Move Networks [2009/12/02 19:56:47 | 000,000,000 | ---D | M]
 
[2012/03/11 12:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions
[2014/08/16 12:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions
[2009/04/26 14:23:15 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/08/06 20:34:18 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2012/06/19 17:06:16 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2014/07/24 19:56:07 | 002,168,615 | ---- | M] () (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2014/08/11 12:49:22 | 000,226,542 | ---- | M] () (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2012/11/06 12:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2012/09/19 11:16:23 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/06/12 14:39:35 | 000,023,046 | ---- | M] () (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{21b88860-5e00-44dd-bdac-fca1f791837e}.xpi
[2014/07/23 19:56:08 | 000,150,579 | ---- | M] () (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2014/07/23 19:54:06 | 000,008,074 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\searchplugins\yahoo_ff.xml
[2014/08/11 12:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/08/11 12:50:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/30 21:57:48 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2013/03/30 21:55:13 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Widevine Media Optimizer (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\plugins\npwidevinemediaoptimizer.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
CHR - plugin: Dynamic Web TWAIN Plugin Trial (Enabled) = C:\WINDOWS\system32\dynamsoft\dynamicwebtwain\NPDynamicWebTwainTrial.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/07/24 20:51:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Gaming support for ArcadeWeb) - {9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} - C:\Documents and Settings\Aliza\Local Settings\Application Data\ArcadeWeb\arcadeweb32.dll (Arcade Web LLC)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Easy Dock]  File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Easy Dock] C:\Documents and Settings\Aliza\My Documents\RCA easyRip\EZDock.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_ED68D1E178F10B5D80C7265BE712D9C5] C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108831
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1266631313843 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.135 167.206.245.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81749764-0BDE-48AC-86FD-B10569284C3E}: DhcpNameServer = 167.206.245.135 167.206.245.136
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 14:04:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/25 22:07:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Aliza\Desktop\HiJackThis.exe
[2014/08/24 01:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
[2014/08/24 01:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/08/22 15:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\My Documents\OneNote Notebooks
[2014/08/18 19:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\Adobe
[2014/08/16 12:43:33 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/08/16 12:39:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/13 23:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\AVG2014
[2014/08/13 23:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\TuneUp Software
[2014/08/13 23:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/08/13 23:43:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/08/13 23:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/08/13 23:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/08/13 23:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/08/13 23:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\Avg2014
[2014/08/13 23:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/08/13 23:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\MFAData
[27 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Aliza\*.tmp files -> C:\Documents and Settings\Aliza\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/25 22:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/08/25 22:08:29 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Aliza\Desktop\dds.scr
[2014/08/25 22:07:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Aliza\Desktop\HiJackThis.exe
[2014/08/25 21:55:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/25 21:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/25 21:31:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
[2014/08/25 21:08:17 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
[2014/08/25 01:31:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
[2014/08/24 23:47:41 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/24 23:47:36 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/24 23:45:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/24 23:45:22 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/24 23:45:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2014/08/24 23:44:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/24 23:44:54 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/24 17:41:45 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/24 15:08:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
[2014/08/24 14:01:03 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/08/24 01:01:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2014/08/24 00:54:17 | 000,000,083 | ---- | M] () -- C:\WINDOWS\wwp.INI
[2014/08/23 21:49:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/22 22:15:01 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/22 19:57:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2014/08/22 15:54:43 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Aliza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/08/20 15:43:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2014/08/19 18:05:27 | 001,990,441 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Avishua Driving School Cert.JPG
[2014/08/19 18:01:06 | 000,705,847 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0021.jpg
[2014/08/18 20:57:01 | 000,740,527 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0019.jpg
[2014/08/18 20:57:01 | 000,488,141 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0020.jpg
[2014/08/18 20:39:47 | 000,979,815 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\BHA1.pdf
[2014/08/18 20:34:03 | 000,316,288 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\BHA_Cover.jpg
[2014/08/17 22:57:17 | 000,308,468 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0018.jpg
[2014/08/17 20:56:02 | 000,284,523 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0017.jpg
[2014/08/17 15:12:35 | 000,460,047 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0016.jpg
[2014/08/16 17:40:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/16 13:17:06 | 000,117,136 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\NJGLOVE_ScanReport.pdf
[2014/08/15 15:38:53 | 000,399,524 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0015.jpg
[2014/08/15 15:38:53 | 000,280,288 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0014.jpg
[2014/08/14 23:11:34 | 000,164,323 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0013.jpg
[2014/08/14 19:01:08 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/14 19:01:05 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Aliza\Desktop\Google Chrome.lnk
[2014/08/14 08:59:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/08/13 20:39:48 | 000,298,530 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0012.jpg
[2014/08/13 10:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/08/12 23:22:39 | 000,292,304 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0011.jpg
[2014/08/12 23:22:39 | 000,273,467 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0010.jpg
[2014/08/10 23:09:19 | 000,188,141 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0009.jpg
[2014/08/10 23:07:03 | 000,244,493 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0008.jpg
[2014/08/06 17:08:04 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/06 13:45:56 | 000,534,482 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\hootenanny.jpg
[2014/08/05 22:08:33 | 000,294,619 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Red Sky.jpg
[2014/08/05 22:06:51 | 000,380,275 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0007.jpg
[2014/08/05 22:01:54 | 000,309,059 | ---- | M] () -- C:\Documents and Settings\Aliza\My Documents\Scan0006.jpg
[27 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Aliza\*.tmp files -> C:\Documents and Settings\Aliza\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/25 22:08:28 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Aliza\Desktop\dds.scr
[2014/08/24 01:01:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2014/08/22 15:54:43 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Aliza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/08/19 18:05:26 | 001,990,441 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Avishua Driving School Cert.JPG
[2014/08/19 18:01:05 | 000,705,847 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0021.jpg
[2014/08/18 20:57:01 | 000,740,527 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0019.jpg
[2014/08/18 20:57:01 | 000,488,141 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0020.jpg
[2014/08/18 20:39:19 | 000,979,815 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\BHA1.pdf
[2014/08/18 20:20:23 | 000,316,288 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\BHA_Cover.jpg
[2014/08/17 22:57:16 | 000,308,468 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0018.jpg
[2014/08/17 20:56:01 | 000,284,523 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0017.jpg
[2014/08/17 15:12:35 | 000,460,047 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0016.jpg
[2014/08/16 13:17:16 | 000,117,136 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\NJGLOVE_ScanReport.pdf
[2014/08/15 15:38:53 | 000,399,524 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0015.jpg
[2014/08/15 15:38:53 | 000,280,288 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0014.jpg
[2014/08/14 23:11:34 | 000,164,323 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0013.jpg
[2014/08/13 23:44:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/08/13 20:39:42 | 000,298,530 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0012.jpg
[2014/08/12 23:22:39 | 000,292,304 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0011.jpg
[2014/08/12 23:22:38 | 000,273,467 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0010.jpg
[2014/08/10 23:09:18 | 000,188,141 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0009.jpg
[2014/08/10 23:07:03 | 000,244,493 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0008.jpg
[2014/08/06 13:46:11 | 000,534,482 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\hootenanny.jpg
[2014/08/05 22:08:30 | 000,294,619 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Red Sky.jpg
[2014/08/05 22:06:51 | 000,380,275 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0007.jpg
[2014/08/05 22:01:54 | 000,309,059 | ---- | C] () -- C:\Documents and Settings\Aliza\My Documents\Scan0006.jpg
[2014/07/22 18:33:06 | 000,029,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/10/08 19:28:21 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/01/12 21:52:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\PUTTY.RND
[2012/01/06 15:12:12 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Aliza\jagex_cl_runescape_LIVE.dat
[2011/07/13 20:41:40 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Aliza\g2mdlhlpx.exe
[2010/11/23 00:14:59 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Aliza\jagex_runescape_preferences2.dat
[2010/03/29 23:20:53 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\Aliza\hpothb07.dat
[2010/03/29 23:20:52 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\Aliza\hpothb07.tif
[2009/08/28 10:12:36 | 000,006,991 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\PrimoPDFSet.xml
[2009/06/21 22:03:44 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Aliza\pool.bin
[2009/05/31 13:24:07 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\Aliza\presets.ini
[2009/03/27 09:12:50 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\Aliza\ntuser.bak
[2008/09/28 01:40:29 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Aliza\jagex_runescape_preferences.dat
[2008/06/11 15:18:45 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/28 22:30:14 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\FASTWiz.html
[2008/05/28 21:51:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2013/06/14 20:26:40 | 000,002,048 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$df9a53f7eed1859284a2f3edd8c07d49\@
[2013/07/24 20:05:25 | 000,000,000 | ---D | M] -- C:\RECYCLER\S-1-5-18\$df9a53f7eed1859284a2f3edd8c07d49\U
[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\WINDOWS\system32\shell32.dll -- [2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:05:06 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/05/22 20:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Affilorama
[2014/08/13 23:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\AVG2014
[2011/12/10 17:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008/10/17 12:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\deskPDF
[2011/11/21 10:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\E0C69
[2009/10/08 15:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\eBookPro6
[2008/06/20 01:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Eltima Software
[2014/07/10 18:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\FileZilla
[2013/11/28 12:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\FreeVideoConverter
[2009/04/26 14:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GarageGames
[2010/07/18 12:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GeoVid
[2008/06/06 17:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GetRightToGo
[2008/05/04 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GlarySoft
[2014/02/13 22:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\IDM
[2009/05/24 16:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\ijjigame
[2010/06/06 21:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\ImgBurn
[2011/06/13 19:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\IObit
[2008/07/23 21:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Linksys
[2012/12/09 16:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\LocalLow
[2010/06/24 10:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\MOVAVI
[2010/04/27 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\NCH Swift Sound
[2012/06/27 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Notepad++
[2012/05/15 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\PowerISO
[2010/07/18 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Publish Providers
[2008/05/25 14:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\QQ Games Plugin
[2011/05/29 12:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Research In Motion
[2011/04/12 22:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Rovio
[2010/01/18 19:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\SmartDraw
[2010/07/18 13:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Sony
[2013/04/15 13:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\SystemRequirementsLab
[2013/04/10 22:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\TeamViewer
[2012/09/15 22:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\TightVNC
[2008/06/06 20:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Tunebite
[2014/08/13 23:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\TuneUp Software
[2012/05/18 14:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Unity
[2010/07/18 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\VisiFly
[2011/07/21 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\webex
[2011/06/10 19:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Wuala
[2014/08/16 12:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2008/11/07 01:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2012/03/11 14:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2014/08/13 23:41:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/12 14:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/06 18:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2011/05/26 23:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2014/07/18 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/07/26 17:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2011/06/11 00:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/07/23 21:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2014/08/25 18:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/04 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/15 18:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/06/06 20:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/12/10 17:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2014/07/22 18:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2012/02/19 21:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/04/15 01:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/07/18 14:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/06/09 19:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/04/15 01:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/11/20 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/09 22:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/09/14 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/06 21:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010/06/02 19:13:28 | 000,010,225 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2010/06/02 19:13:28 | 000,010,225 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2007/06/19 22:56:49 | 000,139,776 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/19 22:56:49 | 000,131,072 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc
[2007/06/19 22:56:49 | 000,024,064 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/19 22:54:11 | 000,090,624 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,052,224 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,028,672 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:33:54 | 000,024,064 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/11 20:26:51 | 000,028,672 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:17:29 | 000,090,624 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/11 19:13:24 | 000,052,224 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/11 18:46:22 | 000,139,776 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/11 18:33:36 | 000,131,072 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
 
< End of report >
 


 
 

  • 0

Advertisements


#2
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Lee07666  :)

 

I'm 23red, and it'll be my pleasure to assist you with your malware issues.  I am currently reviewing your log.  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process, just because you no longer see any symptoms it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

 

Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quick as I can.  I, like everyone else here am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the log you posted.  I'll post back as soon as possible with instructions for you.

 

 


  • 0

#3
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Lee07666 :)

There are quite a bit of remnants in there.  What I'd like to do before we proceed is take a look with a tool that looks more in depth.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

When you return please post:

 

1.  FRST.txt
2.  Addition.txt


  • 0

#4
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Aliza (administrator) on FAMILY on 28-08-2014 08:38:08
Running from C:\Documents and Settings\Aliza\desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [188416 2003-03-09] (HP)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Google Update] => C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-01-20] (Google Inc.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Facebook Update] => C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-12-23] (Facebook Inc.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Easy Dock] => C:\Documents and Settings\Aliza\My Documents\RCA easyRip\EZDock.exe
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [GoogleChromeAutoLaunch_ED68D1E178F10B5D80C7265BE712D9C5] => C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
Startup: C:\Documents and Settings\Aliza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60027
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60027
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {933F3547-731C-4CA9-B7F0-99F219C69580} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {933F3547-731C-4CA9-B7F0-99F219C69580} URL = https://search.yahoo...p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Gaming support for ArcadeWeb -> {9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} -> C:\Documents and Settings\Aliza\Local Settings\Application Data\ArcadeWeb\arcadeweb32.dll No File
Toolbar: HKLM - StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F2CF5485-4E02-4F68-819C-B92DE9277049} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Aliza\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\searchplugins\yahoo_ff.xml
FF Extension: ArcadeWeb - C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-06-19]
FF Extension: InstantAction.com Game Launcher - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2009-04-26]
FF Extension: RealArcade V3 Plugin - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2008-08-06]
FF Extension: ArcadeWeb - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2012-06-19]
FF Extension: Firebug - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2011-06-11]
FF Extension: Firefox Old Version Update Hotfix - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2014-08-11]
FF Extension: PutLockerDownloader - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2012-11-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-09-19]
FF Extension: kaboodle - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{21b88860-5e00-44dd-bdac-fca1f791837e}.xpi [2011-06-11]
FF Extension: SearchStatus - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-06-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-30]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-30]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Aliza\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Aliza\Application Data\Move Networks [2008-09-08]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchProvider: Default -> google2
CHR DefaultSearchURL: Default -> https://www.google.c...q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR CustomProfile: C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Aliza\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-06]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-10-09] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-04-15] (Google) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-08-27] (SurfRight B.V.)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-01-15] () [File not signed]
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [2870429 2009-04-26] (INCA Internet Co., Ltd.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 datunidr; C:\WINDOWS\System32\DRIVERS\datunidr.sys [5376 2007-08-23] (Gteko Ltd.)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 P1131VID; C:\WINDOWS\System32\DRIVERS\P1131Vid.sys [91241 2004-03-26] (Creative Technology Ltd.)
R2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems) [File not signed]
S3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [27936 2008-02-20] (RapidSolution Software AG)
S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
S3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
S0 aktbdow; System32\drivers\qiov.sys [X]
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Aliza\LOCALS~1\Temp\catchme.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S3 NVIDIAHWAccess; \??\C:\Documents and Settings\Aliza\Application Data\NVIDIA\HWAccess.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
U3 TlntSvr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 08:38 - 2014-08-28 08:38 - 00026570 _____ () C:\Documents and Settings\Aliza\desktop\FRST.txt
2014-08-28 08:37 - 2014-08-28 08:38 - 00000000 ____D () C:\FRST
2014-08-28 08:35 - 2014-08-28 08:35 - 01095168 _____ (Farbar) C:\Documents and Settings\Aliza\desktop\FRST.exe
2014-08-27 19:06 - 2014-08-27 19:06 - 00001610 _____ () C:\Documents and Settings\All Users\desktop\HitmanPro.lnk
2014-08-27 19:05 - 2014-08-27 19:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-27 19:05 - 2014-08-27 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-26 20:37 - 2014-08-27 21:33 - 00001686 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-26 20:13 - 2014-08-26 20:13 - 00015972 _____ () C:\Documents and Settings\Aliza\desktop\HitmanPro_20140826_2013.log
2014-08-26 19:45 - 2014-08-26 19:45 - 00001066 _____ () C:\Documents and Settings\Aliza\desktop\malwarebytes.txt
2014-08-26 19:13 - 2014-08-26 19:13 - 00005136 _____ () C:\Documents and Settings\Aliza\desktop\RKreport_SCN_08262014_191019.log
2014-08-26 18:49 - 2014-08-26 18:49 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2014-08-26 18:46 - 2014-08-26 18:46 - 00000000 _____ () C:\Documents and Settings\Aliza\defogger_reenable
2014-08-25 22:38 - 2014-08-25 22:38 - 00121106 _____ () C:\Documents and Settings\Aliza\desktop\OTL.Txt
2014-08-25 22:15 - 2014-08-25 22:15 - 00024649 _____ () C:\Documents and Settings\Aliza\desktop\Attach.txt
2014-08-25 22:15 - 2014-08-25 22:15 - 00015581 _____ () C:\Documents and Settings\Aliza\desktop\DDS.txt
2014-08-25 22:08 - 2014-08-25 22:08 - 00625664 _____ () C:\Documents and Settings\Aliza\desktop\dds.scr
2014-08-25 22:08 - 2014-08-25 22:08 - 00011822 _____ () C:\Documents and Settings\Aliza\desktop\hijackthis.log
2014-08-25 22:07 - 2014-08-25 22:07 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Aliza\desktop\HiJackThis.exe
2014-08-24 01:01 - 2014-08-24 01:01 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\PowerISO.lnk
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-08-22 15:54 - 2014-08-22 15:54 - 00000000 ____D () C:\Documents and Settings\Aliza\My Documents\OneNote Notebooks
2014-08-18 19:21 - 2014-08-18 19:21 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Adobe
2014-08-16 12:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-16 12:39 - 2014-08-16 12:49 - 00000000 ____D () C:\AdwCleaner
2014-08-14 08:59 - 2014-08-14 08:59 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-08-13 23:46 - 2014-08-13 23:46 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\AVG2014
2014-08-13 23:44 - 2014-08-14 08:59 - 00000702 _____ () C:\Documents and Settings\All Users\desktop\AVG 2014.lnk
2014-08-13 23:44 - 2014-08-14 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-13 23:44 - 2014-08-13 23:44 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\TuneUp Software
2014-08-13 23:43 - 2014-08-16 12:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-13 23:43 - 2014-08-13 23:43 - 00000000 ___HD () C:\$AVG
2014-08-13 23:43 - 2014-08-13 23:43 - 00000000 ____D () C:\Program Files\AVG
2014-08-13 23:41 - 2014-08-27 18:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-13 23:41 - 2014-08-13 23:48 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Avg2014
2014-08-13 23:41 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\MFAData
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 08:39 - 2011-07-02 20:09 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\temp
2014-08-28 08:38 - 2014-08-28 08:38 - 00026570 _____ () C:\Documents and Settings\Aliza\desktop\FRST.txt
2014-08-28 08:38 - 2014-08-28 08:37 - 00000000 ____D () C:\FRST
2014-08-28 08:37 - 2009-04-07 11:56 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\Skype
2014-08-28 08:35 - 2014-08-28 08:35 - 01095168 _____ (Farbar) C:\Documents and Settings\Aliza\desktop\FRST.exe
2014-08-28 08:31 - 2012-11-30 16:34 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
2014-08-28 08:11 - 2012-04-12 12:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-28 07:55 - 2011-11-20 13:56 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 06:08 - 2012-12-23 16:03 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
2014-08-28 01:31 - 2012-11-30 16:34 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
2014-08-28 00:08 - 2004-08-10 14:08 - 00032558 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-27 21:55 - 2010-02-07 19:28 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 21:37 - 2014-03-21 20:08 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-27 21:37 - 2013-03-30 22:15 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-27 21:36 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-27 21:35 - 2013-03-30 22:16 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-27 21:35 - 2011-07-04 13:13 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-27 21:35 - 2010-08-29 11:43 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
2014-08-27 21:35 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-27 21:35 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-27 21:33 - 2014-08-26 20:37 - 00001686 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-27 21:33 - 2008-04-26 16:08 - 00000178 ___SH () C:\Documents and Settings\Aliza\ntuser.ini
2014-08-27 21:33 - 2008-04-26 16:08 - 00000000 ____D () C:\Documents and Settings\Aliza
2014-08-27 20:18 - 2009-07-11 20:17 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\AVISHUA
2014-08-27 19:06 - 2014-08-27 19:06 - 00001610 _____ () C:\Documents and Settings\All Users\desktop\HitmanPro.lnk
2014-08-27 19:06 - 2014-08-27 19:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-27 19:06 - 2014-08-27 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-27 18:01 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-27 15:43 - 2011-11-23 13:47 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
2014-08-27 15:08 - 2012-12-23 16:03 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
2014-08-26 20:20 - 2014-07-22 19:34 - 00581829 _____ () C:\Documents and Settings\Aliza\desktop\MGlogs.zip
2014-08-26 20:20 - 2013-07-24 20:26 - 00581829 _____ () C:\MGlogs.zip
2014-08-26 20:20 - 2011-06-09 20:09 - 00000000 ____D () C:\MGtools
2014-08-26 20:20 - 2004-08-10 13:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl
2014-08-26 20:13 - 2014-08-26 20:13 - 00015972 _____ () C:\Documents and Settings\Aliza\desktop\HitmanPro_20140826_2013.log
2014-08-26 20:13 - 2014-07-18 17:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-26 19:45 - 2014-08-26 19:45 - 00001066 _____ () C:\Documents and Settings\Aliza\desktop\malwarebytes.txt
2014-08-26 19:13 - 2014-08-26 19:13 - 00005136 _____ () C:\Documents and Settings\Aliza\desktop\RKreport_SCN_08262014_191019.log
2014-08-26 19:13 - 2014-07-22 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 19:02 - 2014-07-22 18:33 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-26 18:55 - 2009-11-23 11:22 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\TeamViewer
2014-08-26 18:52 - 2010-05-03 15:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-26 18:49 - 2014-08-26 18:49 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2014-08-26 18:49 - 2008-05-04 17:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 18:46 - 2014-08-26 18:46 - 00000000 _____ () C:\Documents and Settings\Aliza\defogger_reenable
2014-08-26 00:12 - 2008-08-15 10:05 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-25 22:38 - 2014-08-25 22:38 - 00121106 _____ () C:\Documents and Settings\Aliza\desktop\OTL.Txt
2014-08-25 22:15 - 2014-08-25 22:15 - 00024649 _____ () C:\Documents and Settings\Aliza\desktop\Attach.txt
2014-08-25 22:15 - 2014-08-25 22:15 - 00015581 _____ () C:\Documents and Settings\Aliza\desktop\DDS.txt
2014-08-25 22:08 - 2014-08-25 22:08 - 00625664 _____ () C:\Documents and Settings\Aliza\desktop\dds.scr
2014-08-25 22:08 - 2014-08-25 22:08 - 00011822 _____ () C:\Documents and Settings\Aliza\desktop\hijackthis.log
2014-08-25 22:07 - 2014-08-25 22:07 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Aliza\desktop\HiJackThis.exe
2014-08-24 23:50 - 2008-04-26 16:08 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google
2014-08-24 23:50 - 2008-04-15 01:30 - 00000000 ____D () C:\Program Files\Google
2014-08-24 23:47 - 2012-09-26 14:55 - 00000000 ___RD () C:\Documents and Settings\Aliza\My Documents\Google Drive
2014-08-24 23:46 - 2012-01-28 20:14 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\Aliza
2014-08-24 23:28 - 2012-05-02 20:09 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\vlc
2014-08-24 19:31 - 2012-08-16 03:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-08-24 14:01 - 2014-03-09 12:04 - 00002265 _____ () C:\Documents and Settings\All Users\desktop\Skype.lnk
2014-08-24 01:01 - 2014-08-24 01:01 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\PowerISO.lnk
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-08-24 00:54 - 2011-05-24 10:13 - 00000083 ____C () C:\WINDOWS\wwp.INI
2014-08-23 21:49 - 2011-07-04 13:13 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-22 22:15 - 2013-03-30 22:15 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-22 19:57 - 2013-03-30 22:16 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-22 19:25 - 2011-01-15 20:29 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\CRAFTS
2014-08-22 15:54 - 2014-08-22 15:54 - 00000000 ____D () C:\Documents and Settings\Aliza\My Documents\OneNote Notebooks
2014-08-18 19:21 - 2014-08-18 19:21 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Adobe
2014-08-16 17:40 - 2008-04-26 16:08 - 00000803 _____ () C:\Documents and Settings\Aliza\Start Menu\Programs\Internet Explorer.lnk
2014-08-16 17:40 - 2008-04-26 16:08 - 00000000 ____D () C:\Documents and Settings\Aliza\Start Menu\Programs\Accessories
2014-08-16 17:15 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Help
2014-08-16 17:12 - 2009-09-28 19:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-08-16 17:09 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Media
2014-08-16 12:53 - 2014-08-13 23:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-16 12:49 - 2014-08-16 12:39 - 00000000 ____D () C:\AdwCleaner
2014-08-14 19:01 - 2011-06-30 15:58 - 00002284 _____ () C:\Documents and Settings\Aliza\desktop\Google Chrome.lnk
2014-08-14 18:28 - 2012-04-12 12:47 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-14 18:28 - 2011-05-21 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-14 18:15 - 2014-07-24 18:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-14 18:15 - 2012-09-19 11:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-14 08:59 - 2014-08-14 08:59 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-08-14 08:59 - 2014-08-13 23:44 - 00000702 _____ () C:\Documents and Settings\All Users\desktop\AVG 2014.lnk
2014-08-14 08:59 - 2014-08-13 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-14 01:11 - 2011-04-26 22:16 - 00000000 ____D () C:\Program Files\The Best-Seller Secret
2014-08-14 01:11 - 2011-04-26 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Best-Seller Secret
2014-08-13 23:48 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Avg2014
2014-08-13 23:46 - 2014-08-13 23:46 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\AVG2014
2014-08-13 23:44 - 2014-08-13 23:44 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\TuneUp Software
2014-08-13 23:43 - 2014-08-13 23:43 - 00000000 ___HD () C:\$AVG
2014-08-13 23:43 - 2014-08-13 23:43 - 00000000 ____D () C:\Program Files\AVG
2014-08-13 23:41 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\MFAData
2014-08-13 10:44 - 2008-05-02 11:37 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-10 22:39 - 2008-09-22 13:22 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB952287$
2014-08-09 12:08 - 2010-02-25 21:33 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Temp
2014-08-06 17:08 - 2008-06-11 15:18 - 00049152 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 17:08 - 2004-08-10 13:51 - 00000997 ____H () C:\WINDOWS\win.ini
 
ZeroAccess:
C:\RECYCLER\S-1-5-18\$df9a53f7eed1859284a2f3edd8c07d49
 
Files to move or delete:
====================
C:\Documents and Settings\Aliza\hpothb07.dat
C:\Documents and Settings\Aliza\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Aliza\jagex_runescape_preferences.dat
C:\Documents and Settings\Aliza\jagex_runescape_preferences2.dat
C:\Documents and Settings\Raimie\jagex_runescape_preferences.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Aliza\Local Settings\temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
ADDITION:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Aliza at 2014-08-28 08:40:08
Running from C:\Documents and Settings\Aliza\desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG update module (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 Professional (HKLM\...\Adobe_c3c7fe8b09d497ab2b3fd91c9353390) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Apple Mobile Device Support (HKLM\...\{AFA20D47-69C3-4030-8DF8-D37466E70F13}) (Version: 2.4.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Box Shot 3D (HKLM\...\Box Shot 3D) (Version: 2.13 - www.BoxShot3D.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Creative PC-CAM Center (HKLM\...\Creative PC-CAM Center) (Version:  - )
Creative WebCam Monitor (HKLM\...\Creative WebCam Monitor) (Version:  - )
Creative WebCam NX Pro Driver (1.03.03.0326) (HKLM\...\Creative PD1131) (Version:  - )
Creative WebCam NX Pro User's Guide (English) (HKLM\...\Creative WebCam NX Pro User's Guide English) (Version:  - )
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
deskPDF 2.5 Professional Edition (HKLM\...\deskPDF 2.5 Professional_is1) (Version:  - Docudesk)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow [rev 3285] [2010-02-25] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3285 - )
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FlipShare (HKLM\...\{B1C0D829-FE30-059E-E93F-CDC7A48235C0}) (Version: 5.6.35.0 - Flip Video)
Free Video Converter V 3.1 (HKLM\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Glary Utilities 2.5.1 (HKLM\...\Glary Utilities_is1) (Version:  - GlaryUtilities.com)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.8.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
iTunes (HKLM\...\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}) (Version: 8.1.1.10 - Apple Inc.)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.3.1.429 - LogMeIn, Inc.)
Linksys Updater (HKLM\...\{C15B6175-689A-4D97-A42C-7225353F60A7}) (Version: 1.1.8015.381 - Linksys)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.1.2 - )
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoPad Image Editor (HKLM\...\PhotoPad) (Version:  - NCH Software)
PixiePack Codec Pack (HKLM\...\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}) (Version: 0.10.6.0 - None)
Pixillion Image Converter (HKLM\...\Pixillion) (Version:  - NCH Software)
PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 4.1.0.11 - Nitro PDF Software)
QuickBooks Pro 2006 (HKLM\...\{69B02159-7622-4DBB-B9EE-F933039830AD}) (Version:  - )
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RealArcade (HKLM\...\RealArcade) (Version:  - )
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recover Files 3.21 (HKLM\...\Recover Files_is1) (Version:  - Undelete & Unerase, Inc.)
Replay Converter 2.8 (HKLM\...\Replay_Converter_1) (Version:  - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.)
ScorpionSaver (HKLM\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{AA6C33AF-8650-4E49-993A-D5701B783012}) (Version: 1.6.12570 - SlimWare Utilities, Inc.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10722 - TeamViewer GmbH)
The Best-Seller Secret (HKLM\...\The Best-Seller Secret_is1) (Version:  - )
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Traffic Travis 3.1.14 (HKLM\...\Traffic Travis_is1) (Version:  - Affilorama Ltd.)
Ultra QuickTime Converter 2.4.1127 (HKLM\...\Ultra QuickTime Converter_is1) (Version:  - Aone Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5F9C863-59A7-40CA-8D86-E27D6B1D2617}) (Version:  - Microsoft)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SES Driver Setup (Version: 1.0.2.3 - Western Digital) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Widevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Worms World Party (HKLM\...\{9A200E68-D5F4-4E70-910F-2871753A0E2B}) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.129\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-3534371746-1935322057-1064774181-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 5 more characters).
 
==================== Restore Points  =========================
 
03-06-2014 00:14:19 System Checkpoint
03-06-2014 13:11:51 System Checkpoint
05-06-2014 03:38:27 System Checkpoint
06-06-2014 04:21:08 System Checkpoint
07-06-2014 05:06:54 System Checkpoint
08-06-2014 05:34:39 System Checkpoint
09-06-2014 05:59:36 System Checkpoint
10-06-2014 06:11:35 System Checkpoint
11-06-2014 06:13:56 System Checkpoint
12-06-2014 07:59:46 System Checkpoint
13-06-2014 09:59:46 System Checkpoint
14-06-2014 10:11:46 System Checkpoint
15-06-2014 11:57:33 System Checkpoint
16-06-2014 13:57:40 System Checkpoint
17-06-2014 14:04:11 System Checkpoint
19-06-2014 03:59:27 System Checkpoint
20-06-2014 05:25:58 System Checkpoint
21-06-2014 05:29:13 System Checkpoint
23-06-2014 03:40:51 System Checkpoint
24-06-2014 03:41:23 System Checkpoint
25-06-2014 05:28:02 System Checkpoint
26-06-2014 07:23:11 System Checkpoint
27-06-2014 07:25:10 System Checkpoint
28-06-2014 17:14:11 System Checkpoint
30-06-2014 06:25:01 System Checkpoint
01-07-2014 07:12:59 System Checkpoint
02-07-2014 08:18:28 System Checkpoint
03-07-2014 10:07:24 System Checkpoint
04-07-2014 11:47:14 System Checkpoint
05-07-2014 11:59:19 System Checkpoint
06-07-2014 15:30:19 System Checkpoint
07-07-2014 20:54:41 System Checkpoint
08-07-2014 21:38:40 System Checkpoint
10-07-2014 00:07:30 System Checkpoint
11-07-2014 03:19:09 System Checkpoint
12-07-2014 05:05:07 System Checkpoint
13-07-2014 06:06:17 System Checkpoint
14-07-2014 06:52:43 System Checkpoint
15-07-2014 07:47:28 System Checkpoint
16-07-2014 09:43:39 System Checkpoint
17-07-2014 11:44:47 System Checkpoint
18-07-2014 13:44:49 System Checkpoint
19-07-2014 20:21:56 System Checkpoint
21-07-2014 01:04:12 System Checkpoint
22-07-2014 03:28:46 System Checkpoint
22-07-2014 23:54:02 Removed Apple Application Support
22-07-2014 23:59:23 Removed Dynamic Web TWAIN Plug-in Trial
23-07-2014 00:00:30 Removed Google Earth Plug-in.
24-07-2014 04:35:27 System Checkpoint
25-07-2014 13:05:52 System Checkpoint
26-07-2014 17:12:18 System Checkpoint
27-07-2014 18:22:33 System Checkpoint
28-07-2014 18:23:34 System Checkpoint
29-07-2014 22:11:50 System Checkpoint
30-07-2014 22:38:05 System Checkpoint
31-07-2014 23:54:09 System Checkpoint
02-08-2014 00:26:47 System Checkpoint
03-08-2014 02:17:23 System Checkpoint
04-08-2014 04:33:07 System Checkpoint
05-08-2014 06:24:03 System Checkpoint
06-08-2014 08:07:37 System Checkpoint
07-08-2014 08:17:03 System Checkpoint
08-08-2014 09:06:41 System Checkpoint
09-08-2014 16:23:05 System Checkpoint
10-08-2014 17:51:44 System Checkpoint
11-08-2014 19:08:34 System Checkpoint
12-08-2014 22:12:43 System Checkpoint
13-08-2014 23:32:40 System Checkpoint
14-08-2014 03:43:16 Installed AVG 2014
14-08-2014 03:43:40 Installed AVG 2014
15-08-2014 04:20:08 System Checkpoint
16-08-2014 21:30:34 System Checkpoint
17-08-2014 23:23:03 System Checkpoint
19-08-2014 06:27:45 System Checkpoint
20-08-2014 06:47:08 System Checkpoint
21-08-2014 07:53:13 System Checkpoint
22-08-2014 13:06:24 System Checkpoint
23-08-2014 16:38:11 System Checkpoint
24-08-2014 19:19:40 System Checkpoint
25-08-2014 03:49:28 Removed Google Drive
26-08-2014 01:42:49 OTL Restore Point - 8/25/2014 9:42:37 PM
27-08-2014 03:57:49 System Checkpoint
28-08-2014 00:02:24 Checkpoint by HitmanPro
28-08-2014 01:06:23 Checkpoint by HitmanPro
28-08-2014 01:06:33 Checkpoint by HitmanPro
28-08-2014 01:15:13 Checkpoint by HitmanPro
28-08-2014 01:15:22 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-12-22 23:12 - 2013-07-24 20:51 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job => C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job => C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job => C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job => C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\switchDowngrade.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
Task: C:\WINDOWS\Tasks\switchShakeIcon.job => C:\Program Files\NCH Swift Sound\Switch\switch.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-08-28 10:22 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2008-10-17 12:35 - 2008-03-25 13:51 - 00018790 _____ () C:\WINDOWS\system32\ddmon.dll
2009-08-28 10:11 - 2009-04-23 22:55 - 00176235 _____ () C:\WINDOWS\system32\Primomonnt.dll
2012-11-29 17:59 - 2012-11-29 17:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-04-15 01:29 - 2006-08-18 14:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2010-09-06 21:50 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2007-10-18 17:36 - 2007-10-18 17:36 - 00061440 _____ () C:\WINDOWS\system32\deskMenu2.dll
2011-07-18 17:04 - 2011-07-18 17:04 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2009-06-03 17:18 - 2009-06-18 15:04 - 00043520 ____C () C:\WINDOWS\system32\CmdLineExt03.dll
2010-05-14 13:59 - 2010-05-14 13:59 - 00455944 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-05-14 13:38 - 2010-05-14 13:38 - 01581056 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2010-05-14 13:49 - 2010-05-14 13:49 - 02519040 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2010-05-14 13:38 - 2010-05-14 13:38 - 00188416 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-05-14 13:38 - 2010-05-14 13:38 - 00356352 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-05-14 13:38 - 2010-05-14 13:38 - 06443008 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-05-14 13:41 - 2010-05-14 13:41 - 00708608 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2004-08-10 13:50 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 13:51 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 13:51 - 2008-04-13 20:12 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2014-08-14 19:00 - 2014-08-06 23:20 - 08537928 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 19:00 - 2014-08-06 23:20 - 00353096 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 19:00 - 2014-08-06 23:20 - 01732936 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-04-16 15:05 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-16 15:05 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-08-14 18:27 - 2014-08-14 18:28 - 17048240 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk => C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk => C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupreg: BitTorrent DNA => "C:\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: Wisdom-soft AutoScreenRecorder 3.1 Pro => 0
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
 
==================== Faulty Device Manager Devices =============
 
Name: Motorola Surfboard 5120 USB Cable Modem
Description: Motorola Surfboard 5120 USB Cable Modem
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2014 11:50:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/23/2014 10:25:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 36.0.1985.143, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x0000985e.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (08/23/2014 09:22:52 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (08/23/2014 07:16:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3969
 
Error: (08/23/2014 07:16:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3969
 
Error: (08/23/2014 07:16:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/23/2014 07:16:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1985
 
Error: (08/23/2014 07:16:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1985
 
Error: (08/23/2014 07:16:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/23/2014 00:12:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26014610
 
 
System errors:
=============
Error: (08/27/2014 09:37:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/27/2014 09:37:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
szkg5
szkgfs
 
Error: (08/27/2014 09:37:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Linksys Updater service hung on starting.
 
Error: (08/27/2014 09:37:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (08/27/2014 09:37:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (08/27/2014 09:37:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
 
Error: (08/26/2014 08:41:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/26/2014 08:41:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
szkg5
szkgfs
 
Error: (08/26/2014 08:41:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Linksys Updater service hung on starting.
 
Error: (08/26/2014 08:41:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
 
Microsoft Office Sessions:
=========================
Error: (01/13/2010 01:18:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23666 seconds with 1920 seconds of active time.  This session ended with a crash.
 
Error: (10/26/2009 10:16:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243080 seconds with 4380 seconds of active time.  This session ended with a crash.
 
Error: (04/30/2008 01:08:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 620 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 72%
Total physical RAM: 2037.1 MB
Available physical RAM: 558.77 MB
Total Pagefile: 3928.9 MB
Available Pagefile: 2449.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.96 GB) (Free:24.34 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#5
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Lee07666 :)

 

Apologies for the delay.  I had to check further.  There are some damaged files from the ZeroAccess infection that was on the computer, and a few ZA remnants also though they do not appear to be active. There are also quite a bit of tool remnants that need to be removed. We'll take care of that as well.  Fresh tools are always better ;)

 

One other important item:  Your space!  Your HardDrive is almost full!

 

 

Drive C: | 148.96 Gb Total Space | 21.30 Gb Free Space | 14.30% Space Free

 

In my very humble experience, approaching half full on a drive slows down the computer.  Experts recommend atleast 20 percent free for a smooth running computer.

During this process, some will go, but you should try to copy important items elsewhere like a USB stick or external harddrive.  Having a little more Free Space will help in day to day performance.

Alrighty, let's get to it!

 

 

Step 1

Peer to Peer Warning

 

Looking through your log, I've also noticed you have BitTorrent and uTorrent installed. 

GeeksToGo does not recommend using such programs.  You should read the description of Peer-to-Peer programs below and decide for yourself.

Description of Peer-to-Peer (P2P) software:

 

P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

 

If you still need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

 

•  FBI Cyber Education Letter

•  infoworld

My suggestion would be for you to completely uninstall these what we call Optional Removals:

 

BitTorrent
 uTorrent

 

The choice is yours.  If you decide to keep it, please refrain from using it until we are finished with cleaning.

 

 

Step 2

FRST Fix

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   2.38KB   180 downloads

 

When you return please post:

 

1.  Fixlog.txt
2.  How is the computer running now?

Thank you :)


  • 0

#6
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:29-08-2014
Ran by Aliza at 2014-08-29 15:49:09 Run:1
Running from C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Extension: ArcadeWeb - C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-06-19]
C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: PutLockerDownloader - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2012-11-06]
C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S0 aktbdow; System32\drivers\qiov.sys [X]
S3 catchme; \??\C:\DOCUME~1\Aliza\LOCALS~1\Temp\catchme.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S3 NVIDIAHWAccess; \??\C:\Documents and Settings\Aliza\Application Data\NVIDIA\HWAccess.sys [X]
ZeroAccess:
C:\RECYCLER\S-1-5-18\$df9a53f7eed1859284a2f3edd8c07d49
C:\Documents and Settings\Aliza\hpothb07.dat
C:\Documents and Settings\Aliza\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Aliza\jagex_runescape_preferences.dat
C:\Documents and Settings\Aliza\jagex_runescape_preferences2.dat
C:\Documents and Settings\Raimie\jagex_runescape_preferences.dat
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
ScorpionSaver (HKLM\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
Replace:
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S0 szkg5; system32\DRIVERS\szkg.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] => not found.
"C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" => File/Directory not found.
C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] => Moved successfully.
"C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected]" => File/Directory not found.
ssmdrv => Service stopped successfully.
ssmdrv => Service deleted successfully.
aktbdow => Service deleted successfully.
catchme => Service not found.
is3srv => Service deleted successfully.
NVIDIAHWAccess => Service not found.
ZeroAccess: => Error: No automatic fix found for this entry.
"C:\RECYCLER\S-1-5-18\$df9a53f7eed1859284a2f3edd8c07d49" => File/Directory not found.
C:\Documents and Settings\Aliza\hpothb07.dat => Moved successfully.
C:\Documents and Settings\Aliza\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Documents and Settings\Aliza\jagex_runescape_preferences.dat => Moved successfully.
C:\Documents and Settings\Aliza\jagex_runescape_preferences2.dat => Moved successfully.
C:\Documents and Settings\Raimie\jagex_runescape_preferences.dat => Moved successfully.
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) => Error: No automatic fix found for this entry.
ScorpionSaver (HKLM\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":62E2D794" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":63238B95" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A11F741D" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully.
Could not find Replace:
Could not find Replace:
IDriverT => Service deleted successfully.
szkg5 => Service deleted successfully.
szkgfs => Service deleted successfully.
 
==== End of Fixlog ====

  • 0

#7
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

i was fast for about a hot minute, then things got slow again.

i opened a PDF...took forever, then froze completely when i tried closing it.

after that, opening browser windows takes a long time again.

 

question: i installed AVG protection (free version) and i noticed a LOT of processes running for it...at least 7, and they're all running at 15k and above (one is 60k).

is this normal and could this be part of the problem?

 

ps, i backed up and removed a LOT of files - how can i check to see if i've improved the open space ratio?

 

thanks


  • 0

#8
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Lee07666 :)
 
Great work!   :thumbsup:
 

i was fast for about a hot minute, then things got slow again.
i opened a PDF...took forever, then froze completely when i tried closing it.
after that, opening browser windows takes a long time again.

 
 
Ok, thank you for that information xsmile.png.pagespeed.ic.CwSpBGGvqN.png There is still more work to do.
 
 

question: i installed AVG protection (free version) and i noticed a LOT of processes running for it...at least 7, and they're all running at 15k and above (one is 60k).
is this normal and could this be part of the problem?

 
 
It could very well be part of the problem as far as slow goes.  Avast! free is right now preferred by myself for XP.  I had found AVG slowed it down, it does have more running processes.  Avast! seems much better in that regard.  If you want to try another there is a list here with links.  Microsoft Security Essentials can no longer be used for XP, they stopped updating it for XP :(  There is a link for Avast! there also.  On my XP machine AVAST! added one running process.
It may be more to your liking as well ;)
 
Download your chosen Antivirus to your Desktop
Uninstall AVG via Start ~> Contol Panel ~> Add/remove Programs
If there are more than one, uninstall each.
Run the uninstaller for your version from this page
After that, reboot if you are not requested after the uninstall process
Then install your new choice.
Let it run a Full scan, and if you choose Avast!  a boot scan is offered, go ahead and run that.
Please advise if it finds anything.
 
 

how can i check to see if i've improved the open space ratio?

 
 
Click on Start ~> Computer ~> Right click on Drive C: ~> Choose Properties 
You will be able to see how much space is available.
 
Diskcleanup is here too, but please wait until we're done!  We'll do that also after all the rubbish and Tools are cleaned out.
 
 
Moving along:
 
Step 1
Fresh FRST log

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Step 2
SecurityCheck by Screen317:
 
Please also download Security Check by screen317.
•Save it to your Desktop.
•Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
•A Notepad document should open automatically called checkup.txt; please also post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

When you return please post:
 
1.  FRST.txt
2.  checkup.txt
 
Thank you :)


  • 0

#9
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by Aliza (administrator) on FAMILY on 02-09-2014 00:07:48
Running from C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [188416 2003-03-09] (HP)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [Easy Dock] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-01] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Google Update] => C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-01-20] (Google Inc.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Facebook Update] => C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-12-23] (Facebook Inc.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Easy Dock] => C:\Documents and Settings\Aliza\My Documents\RCA easyRip\EZDock.exe
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [GoogleChromeAutoLaunch_ED68D1E178F10B5D80C7265BE712D9C5] => C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
Startup: C:\Documents and Settings\Aliza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.c...spx?tb_id=60027
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60027
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {933F3547-731C-4CA9-B7F0-99F219C69580} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {933F3547-731C-4CA9-B7F0-99F219C69580} URL = https://search.yahoo...p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Gaming support for ArcadeWeb -> {9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} -> C:\Documents and Settings\Aliza\Local Settings\Application Data\ArcadeWeb\arcadeweb32.dll No File
Toolbar: HKLM - StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F2CF5485-4E02-4F68-819C-B92DE9277049} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Aliza\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Aliza\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\searchplugins\yahoo_ff.xml
FF Extension: InstantAction.com Game Launcher - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2009-04-26]
FF Extension: RealArcade V3 Plugin - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2008-08-06]
FF Extension: Widevine Media Optimizer - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-08-29]
FF Extension: Firebug - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2011-06-11]
FF Extension: Firefox Old Version Update Hotfix - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\[email protected] [2014-08-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-09-19]
FF Extension: kaboodle - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{21b88860-5e00-44dd-bdac-fca1f791837e}.xpi [2011-06-11]
FF Extension: SearchStatus - C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-06-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-30]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-01]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Aliza\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Aliza\Application Data\Move Networks [2008-09-08]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchProvider: Default -> google2
CHR DefaultSearchURL: Default -> https://www.google.c...q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR CustomProfile: C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-01]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-01]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Aliza\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-06]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Aliza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-01] (AVAST Software)
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-10-09] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [455944 2010-05-14] ()
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-04-15] (Google) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-08-28] (SurfRight B.V.)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
S2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-01-15] () [File not signed]
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [2870429 2009-04-26] (INCA Internet Co., Ltd.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-09-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-09-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-09-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-09-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-09-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-09-01] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 datunidr; C:\WINDOWS\System32\DRIVERS\datunidr.sys [5376 2007-08-23] (Gteko Ltd.)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 P1131VID; C:\WINDOWS\System32\DRIVERS\P1131Vid.sys [91241 2004-03-26] (Creative Technology Ltd.)
R2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems) [File not signed]
S3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [27936 2008-02-20] (RapidSolution Software AG)
S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
S3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-01 23:56 - 2014-09-02 00:04 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-09-01 22:36 - 2014-09-01 22:36 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-01 22:29 - 2014-09-01 22:29 - 00001627 _____ () C:\WINDOWS\setupapi.log
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\AVAST Software
2014-09-01 22:11 - 2014-09-01 22:11 - 00001733 _____ () C:\Documents and Settings\All Users\desktop\avast! Free Antivirus.lnk
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-09-01 22:10 - 2014-09-02 00:03 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-01 22:09 - 2014-09-01 22:10 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-09-01 22:09 - 2014-09-01 22:09 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-09-01 22:09 - 2014-09-01 22:09 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-09-01 22:07 - 2014-09-01 22:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-01 22:06 - 2014-09-01 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-31 13:15 - 2014-09-01 22:14 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\uTorrent
2014-08-30 20:52 - 2014-08-30 20:52 - 00006406 _____ () C:\Documents and Settings\Aliza\desktop\HitmanPro_20140830_2052.log
2014-08-29 15:41 - 2014-09-02 00:07 - 00000000 ____D () C:\FRST
2014-08-27 19:05 - 2014-08-27 19:06 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-27 19:05 - 2014-08-27 19:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-26 20:37 - 2014-09-01 23:52 - 00008197 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-26 18:46 - 2014-08-26 18:46 - 00000000 _____ () C:\Documents and Settings\Aliza\defogger_reenable
2014-08-25 22:08 - 2014-08-25 22:08 - 00011822 _____ () C:\Documents and Settings\Aliza\desktop\hijackthis.log
2014-08-24 01:01 - 2014-08-24 01:01 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\PowerISO.lnk
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-08-22 15:54 - 2014-08-22 15:54 - 00000000 ____D () C:\Documents and Settings\Aliza\My Documents\OneNote Notebooks
2014-08-18 19:21 - 2014-08-18 19:21 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Adobe
2014-08-16 12:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-16 12:39 - 2014-08-16 12:49 - 00000000 ____D () C:\AdwCleaner
2014-08-14 08:59 - 2014-08-14 08:59 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-08-13 23:46 - 2014-08-13 23:46 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\AVG2014
2014-08-13 23:44 - 2014-08-13 23:44 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\TuneUp Software
2014-08-13 23:41 - 2014-09-01 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-13 23:41 - 2014-09-01 22:30 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Avg2014
2014-08-13 23:41 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\MFAData
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 00:08 - 2012-12-23 16:03 - 00000998 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
2014-09-02 00:08 - 2011-07-02 20:09 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\temp
2014-09-02 00:07 - 2014-08-29 15:41 - 00000000 ____D () C:\FRST
2014-09-02 00:04 - 2014-09-01 23:56 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-09-02 00:03 - 2014-09-01 22:10 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-02 00:03 - 2013-03-30 22:15 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-09-02 00:03 - 2009-04-07 11:56 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\Skype
2014-09-02 00:02 - 2013-03-30 22:16 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-09-02 00:02 - 2011-07-04 13:13 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-09-02 00:02 - 2010-08-29 11:43 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
2014-09-02 00:02 - 2010-02-07 19:28 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 00:02 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-02 00:02 - 2004-08-10 13:59 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-02 00:01 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-01 23:56 - 2011-11-20 13:56 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 23:52 - 2014-08-26 20:37 - 00008197 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-01 23:52 - 2008-04-26 16:08 - 00000178 ___SH () C:\Documents and Settings\Aliza\ntuser.ini
2014-09-01 23:52 - 2004-08-10 14:08 - 00032308 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-01 23:31 - 2012-11-30 16:34 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
2014-09-01 23:11 - 2012-04-12 12:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-01 22:40 - 2010-02-25 21:33 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Temp
2014-09-01 22:36 - 2014-09-01 22:36 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-01 22:36 - 2008-10-07 17:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-09-01 22:31 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-01 22:30 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Avg2014
2014-09-01 22:29 - 2014-09-01 22:29 - 00001627 _____ () C:\WINDOWS\setupapi.log
2014-09-01 22:15 - 2013-03-30 22:15 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-09-01 22:14 - 2014-08-31 13:15 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\uTorrent
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\AVAST Software
2014-09-01 22:11 - 2014-09-01 22:11 - 00001733 _____ () C:\Documents and Settings\All Users\desktop\avast! Free Antivirus.lnk
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-09-01 22:11 - 2014-09-01 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-09-01 22:10 - 2014-09-01 22:09 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-09-01 22:09 - 2014-09-01 22:09 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-09-01 22:09 - 2014-09-01 22:09 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-09-01 22:09 - 2014-09-01 22:09 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-09-01 22:07 - 2014-09-01 22:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-01 22:07 - 2014-09-01 22:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-09-01 22:02 - 2012-05-02 20:09 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\vlc
2014-09-01 15:08 - 2012-12-23 16:03 - 00000976 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
2014-09-01 01:31 - 2012-11-30 16:34 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
2014-08-31 21:43 - 2008-06-11 15:18 - 00051712 _____ () C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 21:43 - 2004-08-10 13:51 - 00000997 ____H () C:\WINDOWS\win.ini
2014-08-31 10:24 - 2014-03-09 12:04 - 00002265 _____ () C:\Documents and Settings\All Users\desktop\Skype.lnk
2014-08-30 21:49 - 2011-07-04 13:13 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-30 20:52 - 2014-08-30 20:52 - 00006406 _____ () C:\Documents and Settings\Aliza\desktop\HitmanPro_20140830_2052.log
2014-08-30 20:21 - 2014-07-24 18:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-30 20:21 - 2012-09-19 11:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-30 20:20 - 2008-04-26 16:08 - 00000000 ____D () C:\Documents and Settings\Aliza
2014-08-30 20:19 - 2011-07-02 20:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-29 19:57 - 2013-03-30 22:16 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
2014-08-29 19:26 - 2012-09-19 11:14 - 00000724 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-08-29 19:26 - 2011-06-11 17:42 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-29 16:59 - 2012-01-28 20:14 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\Aliza
2014-08-29 16:52 - 2010-12-26 17:55 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\Paradoxical Press
2014-08-29 16:10 - 2009-12-26 16:28 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\WP Base
2014-08-29 15:49 - 2008-06-15 16:26 - 00000000 ____D () C:\Documents and Settings\Raimie
2014-08-28 20:51 - 2014-07-22 18:33 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-27 19:06 - 2014-08-27 19:05 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-27 19:06 - 2014-08-27 19:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-08-27 15:43 - 2011-11-23 13:47 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
2014-08-26 20:20 - 2013-07-24 20:26 - 00581829 _____ () C:\MGlogs.zip
2014-08-26 20:20 - 2011-06-09 20:09 - 00000000 ____D () C:\MGtools
2014-08-26 20:20 - 2004-08-10 13:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl
2014-08-26 20:13 - 2014-07-18 17:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-08-26 19:13 - 2014-07-22 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 18:55 - 2009-11-23 11:22 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\TeamViewer
2014-08-26 18:52 - 2010-05-03 15:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-26 18:49 - 2008-05-04 17:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 18:46 - 2014-08-26 18:46 - 00000000 _____ () C:\Documents and Settings\Aliza\defogger_reenable
2014-08-26 00:12 - 2008-08-15 10:05 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-25 22:08 - 2014-08-25 22:08 - 00011822 _____ () C:\Documents and Settings\Aliza\desktop\hijackthis.log
2014-08-24 23:50 - 2008-04-26 16:08 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Google
2014-08-24 23:50 - 2008-04-15 01:30 - 00000000 ____D () C:\Program Files\Google
2014-08-24 23:47 - 2012-09-26 14:55 - 00000000 ___RD () C:\Documents and Settings\Aliza\My Documents\Google Drive
2014-08-24 19:31 - 2012-08-16 03:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-08-24 01:01 - 2014-08-24 01:01 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\PowerISO.lnk
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-24 01:01 - 2014-08-24 01:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-08-24 00:54 - 2011-05-24 10:13 - 00000083 ____C () C:\WINDOWS\wwp.INI
2014-08-22 19:25 - 2011-01-15 20:29 - 00000000 ____D () C:\Documents and Settings\Aliza\desktop\CRAFTS
2014-08-22 15:54 - 2014-08-22 15:54 - 00000000 ____D () C:\Documents and Settings\Aliza\My Documents\OneNote Notebooks
2014-08-18 19:21 - 2014-08-18 19:21 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\Adobe
2014-08-16 17:40 - 2008-04-26 16:08 - 00000803 _____ () C:\Documents and Settings\Aliza\Start Menu\Programs\Internet Explorer.lnk
2014-08-16 17:40 - 2008-04-26 16:08 - 00000000 ____D () C:\Documents and Settings\Aliza\Start Menu\Programs\Accessories
2014-08-16 17:15 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Help
2014-08-16 17:12 - 2009-09-28 19:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-08-16 17:09 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Media
2014-08-16 12:49 - 2014-08-16 12:39 - 00000000 ____D () C:\AdwCleaner
2014-08-14 19:01 - 2011-06-30 15:58 - 00002284 _____ () C:\Documents and Settings\Aliza\desktop\Google Chrome.lnk
2014-08-14 18:28 - 2012-04-12 12:47 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-14 18:28 - 2011-05-21 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-14 08:59 - 2014-08-14 08:59 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\TuneUp Software
2014-08-13 23:46 - 2014-08-13 23:46 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\AVG2014
2014-08-13 23:44 - 2014-08-13 23:44 - 00000000 ____D () C:\Documents and Settings\Aliza\Application Data\TuneUp Software
2014-08-13 23:41 - 2014-08-13 23:41 - 00000000 ____D () C:\Documents and Settings\Aliza\Local Settings\Application Data\MFAData
2014-08-13 10:44 - 2008-05-02 11:37 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-10 22:39 - 2008-09-22 13:22 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB952287$
 
Some content of TEMP:
====================
C:\Documents and Settings\Aliza\Local Settings\temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

  • 0

#10
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
 Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 avast! Free Antivirus    
 McAfee Security Scan Plus   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 SlimCleaner     
 Java 7 Update 40  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Aliza desktop VIRUS REMOVAL PROGRAMS FRST.exe 
 Aliza Desktop VIRUS REMOVAL PROGRAMS SecurityCheck.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 37% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

  • 0

Advertisements


#11
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Lee07666 :)
 
Lookin' good! Great work!   :thumbsup:

 A bit more cleaning and some double checking to do:
 
 
Step 1.
Uninstalls

1. 
Click on Start, go to All Programs
Open McAfee Security Scan Plus folder
Select Uninstall
This probably came to your computer unrequested via another program download.

2.
!! Registry Cleaner Warning !!

 

There are signs of multiple programs that are currently installed on your computer that contain registry cleaners.  A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At GeekstoGo we strongly advise that people stay away from any of the registry cleaners out there.
Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.
To that end, there are many posts in the forum here about "I used HitmanPro and now my computer won't boot".  It's just not safe.

I recommend you uninstall and to not use these types of programs.

These programs are:

 

SlimCleaner
CCleaner
HitmanPro

 

 

 

Step 2.
FRST Fix
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attached File  fixlist.txt   310bytes   221 downloads
 
Step 3.
Junkware Removal Tool
 
•   Please download Junkware Removal Tool to your desktop.
•  Shut down your protection software now to avoid potential conflicts.
•  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
•  The tool will open and start scanning your system.
•  Please be patient as this can take a while to complete depending on your system's specifications.
•  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•  Post the contents of JRT.txt into your next post.
 

 

Step 4.
Malwarebytes

 

You have Malwarebytes installed. 

Please Update and run a full scan and post the results.

 

 

 

Step 5.
ESET Online Scan

 


  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file before going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

 

 

When you return please post:

 

1.  Fixlog.txt
2.  JRT.txt
3.  Malwarebytes log
4.  ESET log

5.  How is the computer running?

 

Thank you xsmile.png.pagespeed.ic.CwSpBGGvqN.png


  • 0

#12
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Is everything ok?  Do you need more time? 


  • 0

#13
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

yes, sorry - very busy week. here are results first of ESET.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f9749b073f7abb4cbc0e77288b7c6a50
# engine=20043
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-07 08:29:29
# local_time=2014-09-07 04:29:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 5398454 0 0
# scanned=253852
# found=27
# cleaned=0
# scan_time=7781
sh=70ED30AD95C95C154C9516EA069AFDF9ECEBCF26 ft=1 fh=4f84a5b760c1dd42 vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Aliza\Application Data\Search Protection\Uninstall.exe.vir"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Aliza\Local Settings\Application Data\Babylon\Setup\BExternal.dll.vir"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Aliza\Local Settings\Application Data\Babylon\Setup\IECookieLow.dll.vir"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Aliza\Local Settings\Application Data\Babylon\Setup\Setup.exe.vir"
sh=BE31458AEC18D1322FAB3088E8D2AE7D7E0D2DE6 ft=1 fh=100d65ff0418f116 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Documents and Settings\Aliza\desktop\Stuff for People and Clients\EPS\mp3rocket.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\cbsidlm-tr1_13-HitmanPro_3_32bit-ORG-10895604.exe"
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\ccsetup415.exe"
sh=659FBEBB44AF4BCC17CD002C1B2619BF2F4D97BF ft=1 fh=a1a0739888129ca4 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\defragsetup.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Aliza\My Documents\Downloads\ccsetup417.exe"
sh=B1F7740AC46A1750FC10DC4768D89DFCAD77E85C ft=1 fh=37bbe5db5c9182cf vn="Win32/Toolbar.Babylon.T potentially unwanted application" ac=I fn="C:\Documents and Settings\Aliza\My Documents\Downloads\ReimageRepair.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\MGtools\Process.exe"
sh=0FFD65212481622C151E2E66D98F4CA6D9269AD8 ft=1 fh=9f2626f90b9204b0 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="C:\Program Files\NCH Swift Sound\Switch\switch.exe"
sh=F45393839F1B5845EE5CC47D79AE3C0F8C09E269 ft=1 fh=33d17987dc12a5dc vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="C:\Program Files\NCH Swift Sound\Switch\switchsetup_v2.04.exe"
sh=7B0E7780E69F1C239D079B81D4BB1A0E5EE01CE2 ft=1 fh=651862330b9204b0 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="C:\Program Files\NCH Swift Sound\Switch\uninst.exe"
sh=867282DD945C5685342C99401A6D059623665297 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.F trojan" ac=I fn="C:\Qoobox\Quarantine\C\Documents and Settings\Avishua\Application Data\Mozilla\Firefox\Profiles\9bcljcqy.default\extensions\{24c9c4e1-ff8e-4845-8d50-20f81449e9f1}\chrome.manifest.vir"
sh=7F41518F7B1DC4F9E0693F70F72C206741A207B7 ft=0 fh=0000000000000000 vn="JS/Agent.NDB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Documents and Settings\Avishua\Application Data\Mozilla\Firefox\Profiles\9bcljcqy.default\extensions\{24c9c4e1-ff8e-4845-8d50-20f81449e9f1}\chrome\xulcache.jar.vir"
sh=8A017A234D9CBC7D6368A800E29119DBAE8712BA ft=1 fh=c71c00115837424f vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1047\A0103933.dll"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1055\A0106712.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1058\A0107929.exe"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="a variant of Win32/Toolbar.Babylon.F potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1084\A0111521.dll"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="a variant of Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1084\A0111522.dll"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="a variant of Win32/Toolbar.Babylon.H potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1084\A0111523.exe"
sh=70ED30AD95C95C154C9516EA069AFDF9ECEBCF26 ft=1 fh=4f84a5b760c1dd42 vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1084\A0111525.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1094\A0116022.exe"
sh=F852481BD6C8021F246DA91E9503DF3C6926FF4F ft=1 fh=c71c0011f8beef64 vn="a variant of Win32/Adware.Gamevance.CL potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0116505.dll"
sh=5C4A6218A2FAA31AB575AFCACC0B72DE4C0DA146 ft=1 fh=c71c0011f9cba4ec vn="a variant of Win32/Adware.Gamevance.CM potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0116561.dll"
sh=5C4A6218A2FAA31AB575AFCACC0B72DE4C0DA146 ft=1 fh=c71c0011f9cba4ec vn="a variant of Win32/Adware.Gamevance.CM potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0116566.dll"

  • 0

#14
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-08-2014 02
Ran by Aliza at 2014-09-07 12:50:09 Run:2
Running from C:\Documents and Settings\Aliza\desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BHO: Gaming support for ArcadeWeb -> {9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2} -> C:\Documents and Settings\Aliza\Local Settings\Application Data\ArcadeWeb\arcadeweb32.dll No File
EmptyTemp:
End
 
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}" => Key deleted successfully.
"HKCR\CLSID\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}" => Key deleted successfully.
EmptyTemp: => Removed 522.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#15
Lee07666

Lee07666

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Aliza on Sun 09/07/2014 at 12:59:04.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\putlockerdownloader
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\Aliza\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\free video converter"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/07/2014 at 13:06:15.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP