Solved Very slow web pages

[al davis]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by al (administrator) on XP on 25-03-2015 12:47:19
Running from C:\Documents and Settings\al\Desktop\virus_et_al
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\WINDOWS\StartupMonitor.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Documents and Settings\al\Desktop\FRST.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Run StartupMonitor] => C:\WINDOWS\StartupMonitor.exe [86016 2000-05-20] ()
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winvnc4.exe (RealVNC Ltd.)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk
ShortcutTarget: alt_mich.com.lnk -> (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default
FF Homepage: hxxp://www.cloudynights.com/ubbthreads/|hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=11 -> C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll [2007-08-21] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08]

Chrome:
=======
CHR Profile: C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsla9fceb36; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCD37E5A-9F72-45E5-A0C9-0AE8DB38995E}\MpKsla9fceb36.sys [39464 2015-03-25] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:44 - 2015-03-25 12:47 - 00000000 ____D () C:\FRST
2015-03-13 08:40 - 2015-03-13 21:59 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-13 08:40 - 2015-03-13 08:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-13 00:32 - 2015-03-13 00:32 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\CyberLink Media Suite 10.lnk
2015-03-13 00:32 - 2015-03-13 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Media Suite
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\install_clap
2015-03-12 20:05 - 2015-03-12 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\vsosdk
2015-03-11 00:32 - 2015-03-14 06:36 - 00181549 _____ () C:\Documents and Settings\al\My Documents\GOPR0105.XtoDVD
2015-03-10 23:34 - 2015-03-10 17:28 - 00001119 _____ () C:\Documents and Settings\al\Desktop\Desktop Burning Gadget.lnk
2015-03-10 18:04 - 2015-03-13 09:31 - 00000000 ____D () C:\Documents and Settings\al\My Documents\ConvertXtoDVD
2015-03-10 17:25 - 2015-03-10 17:32 - 00087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 00047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2015-03-10 17:25 - 2015-03-10 17:32 - 00007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 00000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 00000000 ____D () C:\Documents and Settings\al\Application Data\Vso
2015-03-10 17:24 - 2015-03-13 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VSO
2015-03-10 17:24 - 2015-03-10 17:32 - 00000889 _____ () C:\Documents and Settings\al\Desktop\ConvertXToDVD 5.lnk
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Program Files\VSO
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VSO
2015-03-10 16:52 - 2015-03-10 16:53 - 00000000 ____D () C:\Documents and Settings\al\My Documents\Youcam
2015-03-10 16:52 - 2015-03-10 16:52 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\Application Data\CyberLink
2015-03-10 16:51 - 2015-03-10 16:52 - 00000000 ____D () C:\Program Files\lg_fwupdate
2015-03-10 16:51 - 2015-03-10 16:51 - 00000267 _____ () C:\WINDOWS\lgfwup.ini
2015-03-10 16:51 - 2015-03-10 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LG Tool Kit
2015-03-10 16:51 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\WINDOWS\system32\lgfwunis.exe
2015-03-10 16:51 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemdisp.tlb
2015-03-10 16:51 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6KO.DLL
2015-03-10 16:50 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kswdmcap.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kstvtune.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfwwdm32.dll
2015-03-10 16:50 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksxbar.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vidcap.ax
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Guest\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Default User\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\al\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CLSK
2015-03-10 16:35 - 2015-03-13 00:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:48 - 2012-07-19 02:14 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\temp
2015-03-25 12:47 - 2011-02-06 08:41 - 00000000 ____D () C:\Documents and Settings\al\Desktop\virus_et_al
2015-03-25 12:06 - 2011-12-02 21:09 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-25 12:06 - 2004-08-21 08:38 - 01710817 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-25 12:06 - 2004-01-09 06:49 - 00000427 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-25 12:05 - 2013-06-08 15:44 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-25 12:05 - 2004-01-03 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-25 12:05 - 2004-01-03 18:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-25 12:04 - 2004-01-08 16:03 - 00000278 ___SH () C:\Documents and Settings\al\NTUSER.INI
2015-03-25 12:04 - 2004-01-03 18:46 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-25 11:50 - 2013-04-20 16:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-24 21:22 - 2011-10-01 19:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-23 01:32 - 2012-02-05 23:31 - 02691628 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3960577219-1813400529-1317427278-1006-0.dat
2015-03-23 01:32 - 2012-02-05 23:31 - 00261318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-22 15:00 - 2015-02-05 20:17 - 00000000 ____D () C:\tTax_2014
2015-03-22 15:00 - 2015-02-05 20:06 - 00002393 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
2015-03-21 09:30 - 2013-08-12 14:25 - 00016077 _____ () C:\WINDOWS\al8.xlb
2015-03-20 10:29 - 2014-06-14 10:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 00:45 - 2002-09-03 14:29 - 00000215 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-03-18 11:19 - 2002-09-03 14:29 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-03-17 23:38 - 2014-10-08 15:26 - 00000000 ____D () C:\eudora_7
2015-03-17 20:02 - 2013-04-03 16:51 - 00000718 _____ () C:\Documents and Settings\al\Desktop\New Text Document (2).txt
2015-03-16 21:30 - 2005-04-12 19:38 - 04249909 _____ () C:\winzip.log
2015-03-16 21:28 - 2014-10-18 10:23 - 00000000 ____D () C:\unzipped
2015-03-13 00:31 - 2012-08-11 16:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-03-13 00:31 - 2004-01-03 18:57 - 00000000 ____D () C:\Program Files\CyberLink
2015-03-13 00:31 - 2004-01-03 18:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-11 08:34 - 2004-09-13 18:43 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-11 08:34 - 2004-02-17 13:14 - 805306368 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:05 - 2006-02-11 16:36 - 00000000 ____D () C:\Dextron
2015-03-10 17:01 - 2005-02-25 19:20 - 00000000 ____D () C:\Documents and Settings\al\Application Data\CyberLink
2015-03-10 16:50 - 2011-02-06 23:45 - 00243617 _____ () C:\WINDOWS\setupapi.log
2015-03-05 00:50 - 2013-10-06 09:31 - 00004064 _____ () C:\Documents and Settings\al\Desktop\Empty.txt
2015-03-03 08:16 - 2013-12-05 02:39 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 07:11 - 2004-01-03 18:43 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2015-02-26 11:59 - 2003-10-16 16:44 - 00258918 _____ () C:\WINDOWS\SETUPACT.LOG

==================== Files in the root of some directories =======

2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

[al davis]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by al at 2015-03-25 12:49:01
Running from C:\Documents and Settings\al\Desktop\virus_et_al
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image (HKLM\...\{7F129516-73AD-4232-8FD0-C7BC2508B274}) (Version: 9.0.3647 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Banctec Service Agreement (Version: 1.00.00 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Belkin SOHO Networking Utilities (HKLM\...\{E03969E7-3AFB-4672-8259-991B5F618D5A}) (Version: 1.1 - Belkin Components)
Belkin Wireless Access Point Manager (HKLM\...\{A2284436-0CA3-4880-B8D1-E79E64A46EB3}) (Version: - )
Brother HL-5340D (HKLM\...\{653F3899-8CC4-43DB-AFD8-E9D829504138}) (Version: 1.00 - Brother)
Canon i250 (HKLM\...\CANONBJ_Deinstall_CNMCP50.DLL) (Version: - )
Cartes du Ciel V3.8 (HKLM\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Chanalyzer 2.1.7 (HKLM\...\{FD736238-55EB-420B-9BFC-B8A9983B21C9}) (Version: 2.1.7 - MetaGeek, LLC)
Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version: - )
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
Dell Networking Guide (Version: 1.00.0001 - Dell) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.1.0.0 - Dell)
Digi Port Authority - Remote (HKLM\...\Digi Port Authority - Remote) (Version: - )
DS21Patch (Version: 1.00.0000 - Dell) Hidden
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
Eudora (HKLM\...\{268C1DB7-02FA-45F2-93EC-0D4DDCA91AB8}) (Version: 7.0 - )
ExamDiff Pro 3.4.2 (HKLM\...\ExamDiff Pro_is1) (Version: - PrestoSoft)
G4FON Koch Method Morse Trainer (HKLM\...\G4FON Koch Method Morse Trainer) (Version: - )
getPlus(R) (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)
Google Chrome (HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\Google Chrome) (Version: 8.0.552.224 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 26.0.1410.64 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Gears (Version: 0.4.24.0 - Google) Hidden
Google Update Helper (Version: 1.2.183.39 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.2.940.34809 - Google Inc.)
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
honestechDVR 2.5 (HKLM\...\{D8410ADD-CB92-46B6-AB7C-AF4907A803A2}) (Version: 2.5 - honestech)
honestechDVR 2.5 (Version: 2.5 - honestech) Hidden
Inssider (HKLM\...\{B5915379-1885-4220-BEB5-A602A368D581}) (Version: 1.0.3 - MetaGeek)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Jupiter 2.0.7.1 (HKLM\...\{22C070B6-BEC2-4B4B-8324-08DE6F168B9C}_is1) (Version: - Sylvain Rondi)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
MallinCam Control (HKLM\...\{32091497-B2FA-4091-B733-64A2DC30566C}) (Version: 1.2 - Pro-Com Electronics)
MallinCam Control (HKLM\...\{DF207EA2-675D-47C8-9D51-3F9F14EDAD5F}) (Version: 1.0.0 - Pro-Com Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET Web Matrix (HKLM\...\{DCBE96DF-822C-401C-8DD2-0F3539637ADE}) (Version: 0.6.812.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (HKLM\...\{04410044-9149-45C6-A806-F2BF9CFCE762}) (Version: 2004 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft SAPI 5.1 Voices for Windows XP (HKLM\...\{8F194222-199F-11D6-B163-AA8310157D2E}) (Version: 1.0.0.0 - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 6.0 Professional Edition (HKLM\...\Visual C++ 6.0 Professional Edition) (Version: - )
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (HKLM\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSDN Library - Visual Studio 6.0 (HKLM\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - )
NexRemote (HKLM\...\NexRemote) (Version: 1.7.22 - Celestron)
PHD Guiding 1.10.0 (HKLM\...\PHD Guiding_is1) (Version: - Stark Labs)
PHOTOfunSTUDIO (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Qualxserve Service Agreement (Version: 1.00.0004 - Dell) Hidden
QuickTime (HKLM\...\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}) (Version: 7.4.5.67 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RSpec Version 1.7 (Build:19) (HKLM\...\{A08319DE-E83E-4B07-B4E5-69F2489D6B45}_is1) (Version: - Field Tested Systems)
Shockwave (HKLM\...\Shockwave) (Version: - )
SlickEdit 2007 (HKLM\...\{B598851F-6498-48CF-B61F-5074B889773B}) (Version: 12.0.0.0 - SlickEdit Inc.)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Spybot - Search & Destroy 1.4 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.4 - Safer Networking Limited)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StartupMonitor (HKLM\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version: - )
Timex Trainer (HKLM\...\{96AF99D4-F7E8-4333-AB16-F9F4B91DBFBE}) (Version: 1.0.202 - Timex Corporation)
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB2284654) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Video/Audio Device Driver (HKLM\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Virtual Moon Atlas Pro 5.0 (HKLM\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
VNC Free Edition 4.1.2 (HKLM\...\RealVNC_is1) (Version: 4.1.2 - RealVNC Ltd.)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.59 - VSO Software)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Where is M13? version 2.3 (HKLM\...\Where is M13?_is1) (Version: - Think Astronomy)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinJUPOS 10.0.16 (HKLM\...\WinJUPOS 10.0.16_is1) (Version: 10.0.16 - Grischa Hahn, Germany)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
XoftSpy (HKLM\...\XoftSpy) (Version: - )
YouCam (Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.131.27\goopdate.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\SYSTEM32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D800E6DE-AFD1-4A47-9342-18426F9A50D3}\InprocServer32 -> D:\vs_2008_proj\polygon\polygon\Debug\polygon.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

12-01-2015 09:20:32 Software Distribution Service 3.0
13-01-2015 09:19:29 Software Distribution Service 3.0
13-01-2015 13:39:35 Software Distribution Service 3.0
14-01-2015 14:27:24 System Checkpoint
14-01-2015 23:53:07 Software Distribution Service 3.0
16-01-2015 00:48:57 System Checkpoint
17-01-2015 08:59:10 Software Distribution Service 3.0
18-01-2015 09:17:41 Software Distribution Service 3.0
19-01-2015 10:12:35 System Checkpoint
20-01-2015 09:01:56 Software Distribution Service 3.0
20-01-2015 21:28:57 Software Distribution Service 3.0
21-01-2015 22:57:27 System Checkpoint
22-01-2015 09:29:13 Software Distribution Service 3.0
23-01-2015 10:33:51 Software Distribution Service 3.0
24-01-2015 11:56:23 System Checkpoint
25-01-2015 08:19:14 Software Distribution Service 3.0
26-01-2015 09:34:28 Software Distribution Service 3.0
27-01-2015 10:06:46 Software Distribution Service 3.0
28-01-2015 09:52:52 Software Distribution Service 3.0
29-01-2015 09:54:13 System Checkpoint
30-01-2015 09:35:56 Software Distribution Service 3.0
31-01-2015 10:30:56 Software Distribution Service 3.0
01-02-2015 13:21:10 System Checkpoint
02-02-2015 09:24:53 Software Distribution Service 3.0
03-02-2015 08:48:58 Software Distribution Service 3.0
04-02-2015 09:10:41 System Checkpoint
05-02-2015 07:39:52 Software Distribution Service 3.0
05-02-2015 20:04:23 Installed TurboTax 2014 wrapper
05-02-2015 22:42:34 Installed TurboTax 2014 wmiiper
07-02-2015 07:31:23 Software Distribution Service 3.0
08-02-2015 09:40:00 Software Distribution Service 3.0
09-02-2015 13:16:54 Software Distribution Service 3.0
10-02-2015 13:36:19 System Checkpoint
10-02-2015 23:22:29 Software Distribution Service 3.0
12-02-2015 03:13:46 Software Distribution Service 3.0
12-02-2015 23:01:00 Software Distribution Service 3.0
13-02-2015 13:22:03 Software Distribution Service 3.0
14-02-2015 10:07:13 Software Distribution Service 3.0
15-02-2015 10:36:04 System Checkpoint
16-02-2015 11:55:40 Software Distribution Service 3.0
16-02-2015 14:04:53 Software Distribution Service 3.0
17-02-2015 14:49:58 System Checkpoint
18-02-2015 08:06:40 Software Distribution Service 3.0
19-02-2015 09:05:16 Software Distribution Service 3.0
20-02-2015 11:23:53 System Checkpoint
21-02-2015 08:36:25 Software Distribution Service 3.0
22-02-2015 09:22:19 System Checkpoint
23-02-2015 08:58:17 Software Distribution Service 3.0
24-02-2015 10:41:56 System Checkpoint
25-02-2015 08:08:38 Software Distribution Service 3.0
26-02-2015 08:47:12 Software Distribution Service 3.0
27-02-2015 09:48:46 System Checkpoint
27-02-2015 12:53:18 Software Distribution Service 3.0
28-02-2015 19:20:55 System Checkpoint
01-03-2015 06:33:48 Software Distribution Service 3.0
02-03-2015 07:35:11 Software Distribution Service 3.0
03-03-2015 08:16:02 Software Distribution Service 3.0
04-03-2015 09:01:31 System Checkpoint
05-03-2015 08:54:21 Software Distribution Service 3.0
06-03-2015 09:22:56 System Checkpoint
07-03-2015 07:21:19 Software Distribution Service 3.0
08-03-2015 07:45:00 Software Distribution Service 3.0
09-03-2015 08:49:56 Software Distribution Service 3.0
10-03-2015 09:06:00 System Checkpoint
10-03-2015 16:36:11 Installed Suite2
10-03-2015 16:44:39 Installed Suite2
11-03-2015 07:59:59 Software Distribution Service 3.0
12-03-2015 09:09:04 System Checkpoint
13-03-2015 00:28:48 Installed Suite2
13-03-2015 08:09:04 Software Distribution Service 3.0
14-03-2015 14:50:28 System Checkpoint
15-03-2015 09:01:03 Software Distribution Service 3.0
16-03-2015 09:16:29 System Checkpoint
17-03-2015 08:55:20 Software Distribution Service 3.0
18-03-2015 08:40:02 Software Distribution Service 3.0
19-03-2015 10:15:33 System Checkpoint
20-03-2015 09:30:38 Software Distribution Service 3.0
21-03-2015 16:41:28 System Checkpoint
22-03-2015 08:46:29 Software Distribution Service 3.0
23-03-2015 09:01:11 Software Distribution Service 3.0
24-03-2015 09:22:40 System Checkpoint
24-03-2015 19:59:05 Software Distribution Service 3.0
25-03-2015 09:15:39 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2012-07-19 01:44 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\A l e r t s.job => C:\PROGRA~1\Dell\Support\bin\Support.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{66DF5FDE-076E-40A3-A078-C214C8DEA605}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) ==============

2009-01-27 17:41 - 2009-01-27 17:41 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-01-27 18:41 - 2009-01-27 18:41 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-01-17 11:14 - 2010-01-17 11:14 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-01-17 11:14 - 2010-01-17 11:14 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-05 17:08 - 2011-02-05 17:08 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-06-24 14:51 - 2011-02-28 21:42 - 00652800 _____ () C:\Program Files\IZArc\IZArcCM.dll
2000-05-20 17:23 - 2000-05-20 17:23 - 00086016 _____ () C:\WINDOWS\StartupMonitor.exe
2014-07-04 02:05 - 2014-07-04 02:05 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\wmsetup.log:ebagsq
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMPDE29E40

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3960577219-1813400529-1317427278-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
al (S-1-5-21-3960577219-1813400529-1317427278-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\al
ASPNET (S-1-5-21-3960577219-1813400529-1317427278-1008 - Limited - Enabled)
Guest (S-1-5-21-3960577219-1813400529-1317427278-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-3960577219-1813400529-1317427278-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3960577219-1813400529-1317427278-1002 - Limited - Enabled)
SUPPORT_3f151ab9 (S-1-5-21-3960577219-1813400529-1317427278-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2015 06:07:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2015 06:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2015 00:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 09:24:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 08:24:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Power2GoExpress.exe, version 7.0.0.3328, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 08:15:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Power2GoExpress.exe, version 7.0.0.3328, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 08:12:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application ConvertXtoDvd.exe, version 5.2.0.59, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/10/2015 08:25:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/25/2015 00:06:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (03/25/2015 00:05:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (03/25/2015 00:05:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (03/25/2015 11:49:43 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (03/25/2015 11:40:46 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (03/25/2015 11:40:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (03/25/2015 11:40:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (03/25/2015 11:33:25 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (03/25/2015 11:32:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (03/25/2015 11:32:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2015 06:07:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000

Error: (03/13/2015 06:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000

Error: (03/13/2015 00:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000

Error: (03/12/2015 09:24:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mmc.exe5.2.3790.4136hungapp0.0.0.000000000

Error: (03/12/2015 08:24:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Power2GoExpress.exe7.0.0.3328hungapp0.0.0.000000000

Error: (03/12/2015 08:15:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Power2GoExpress.exe7.0.0.3328hungapp0.0.0.000000000

Error: (03/12/2015 08:12:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ConvertXtoDvd.exe5.2.0.59hungapp0.0.0.000000000

Error: (03/10/2015 08:25:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 27%
Total physical RAM: 2557.98 MB
Available physical RAM: 1858.21 MB
Total Pagefile: 3172.93 MB
Available Pagefile: 2568 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:7.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:63.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[al davis]

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : al [Administrator]
Started from : C:\Documents and Settings\al\Desktop\virus_et_al\RogueKiller.exe
Mode : Delete -- Date : 03/25/2015 19:17:54

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] StartupMonitor.exe(2876) -- C:\WINDOWS\StartupMonitor.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files\AVG\AVG2012\avgssie.dll) -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} (C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll) -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files\AVG\AVG2012\avgssie.dll) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Run StartupMonitor : StartupMonitor.exe [-] -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys) -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374} | NameServer : 216.234.97.2 216.234.97.3 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374} | NameServer : 216.234.97.2 216.234.97.3 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\WINDOWS\TEMP\{66DF5FDE-076E-40A3-A078-C214C8DEA605}.exe (--uninstall=1) -> Deleted

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] winvnc4.exe -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winvnc4.exe -> Deleted

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\sscdbhk5 @ Unknown (\SystemRoot\system32\drivers\sscdbhk5.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\sscdbhk5 @ Unknown (\SystemRoot\system32\drivers\sscdbhk5.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] nkz4233i.default : user_pref("browser.startup.homepage", "http://www.cloudynights.com/ubbthreads/|http://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat="); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JB-00CRA1 +++++
--- User ---
[MBR] a424273e389a5f925dec8ec317922d71
[BSP] df181a316d055118222264dc4b433ad1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64260 | Size: 76253 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1200BB-00FTA0 +++++
--- User ---
[MBR] 268c12ab46afff633d4da4dbb3ed03da
[BSP] 7547572e5dd6ae04acec92eb483c3008 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114470 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03252015_190931.log

 

[al davis]

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 3/25/2015 7:25:32 PM, SYSTEM, XP, Manual, 0,
Error, 3/25/2015 7:25:32 PM, SYSTEM, XP, Manual, 0,
Update, 3/25/2015 8:25:00 PM, SYSTEM, XP, Manual, Malware Database, 2015.3.20.4, 2015.3.25.7,
Scan, 3/25/2015 8:52:25 PM, SYSTEM, XP, Manual, Start:3/25/2015 8:25:02 PM, Duration:27 min 20 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

[al davis]

# AdwCleaner v4.113 - Logfile created 25/03/2015 at 22:22:34
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : al - XP
# Running from : C:\Documents and Settings\al\Desktop\virus_et_al\adwcleaner_4.113.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2813 bytes] - [25/03/2015 22:18:08]
AdwCleaner[S0].txt - [2788 bytes] - [25/03/2015 22:22:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2847 bytes] ##########

 

[al davis]

MBAM logfile attached

 

[Broni]

I still need JRT log.

 

[al davis]

JRT will not run. I get error 'Non 7z Archive' in a popup window when I try to run it. XP 32 bit machine.

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[al davis]

ComboFix tells me that Microsoft Security Essentials (MSE) is running. I stopped it from starting at reboot and its avitar/icon is not on the toolbar. Are there other things I need to do to stop it?

 

[al davis]

OK I think I stoped MSE (via component services)


ComboFix 15-03-25.01 - al 03/26/2015 0:26.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2094 [GMT -5:00]
Running from: c:\documents and settings\al\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\al\Local Settings\Application Data\HTPA
c:\documents and settings\al\Local Settings\Application Data\HTPA\HTPA.exe
c:\documents and settings\al\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\Setup.exe
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\1fde3ce452d6a70f.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\377f198ec4d132d6.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\98a5da257fdcad00.fb
c:\windows\system32\Cache\991ac4565a32d6e5.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\beed8a91d2573f79.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f63a6bb0f27a98c0.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Files Created from 2015-02-26 to 2015-03-26 )))))))))))))))))))))))))))))))
.
.
2015-03-26 03:16 . 2015-03-26 03:33 -------- d-----w- C:\AdwCleaner
2015-03-25 23:59 . 2015-03-25 23:59 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-25 23:59 . 2015-03-26 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2015-03-25 14:15 . 2015-03-14 10:06 9119072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCD37E5A-9F72-45E5-A0C9-0AE8DB38995E}\mpengine.dll
2015-03-25 01:00 . 2015-03-14 10:06 9119072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-13 13:40 . 2015-03-13 13:40 1409 ----a-w- c:\windows\QTFont.for
2015-03-13 05:31 . 2015-03-13 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\install_clap
2015-03-13 01:05 . 2015-03-13 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2015-03-10 22:25 . 2015-03-10 22:32 -------- d-----w- c:\documents and settings\al\Application Data\Vso
2015-03-10 22:25 . 2015-03-10 22:32 87608 ----a-w- c:\documents and settings\al\Application Data\inst.exe
2015-03-10 22:25 . 2015-03-10 22:32 47360 ----a-w- c:\documents and settings\al\Application Data\pcouffin.sys
2015-03-10 22:24 . 2015-03-13 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\VSO
2015-03-10 22:24 . 2015-03-10 22:24 -------- d-----w- c:\program files\VSO
2015-03-10 21:52 . 2015-03-10 21:52 -------- d-----w- c:\documents and settings\al\Local Settings\Application Data\CyberLink
2015-03-10 21:51 . 2012-07-11 18:18 23664 ----a-w- c:\windows\system32\lgfwunis.exe
2015-03-10 21:51 . 2001-08-30 02:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2015-03-10 21:51 . 1998-07-22 05:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2015-03-10 21:51 . 2015-03-10 21:52 -------- d-----w- c:\program files\lg_fwupdate
2015-03-10 21:50 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\drivers\vfwwdm32.dll
2015-03-10 21:43 . 2015-03-10 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CLSK
2015-03-10 21:35 . 2015-03-13 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-26 03:41 . 2014-06-14 15:17 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 13:16 . 2013-12-05 07:39 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-06 00:35 . 2012-12-26 01:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 00:35 . 2012-12-26 01:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-27 02:34 . 2015-01-27 02:34 10 ----a-w- c:\windows\Fonts\wfonts.key
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\eudora_7\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Documents and Settings\\al\\Desktop\\winvnc4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\SYSTEM32\DRIVERS\VCdRom.sys [11/24/2008 4:41 PM 8576]
R2 DriverX;DriverX;c:\windows\SYSTEM32\DRIVERS\driverx.sys [2/19/2011 4:42 PM 52512]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [9/18/2014 6:16 PM 14624]
R2 tviclpt;tviclpt;c:\windows\SYSTEM32\DRIVERS\tviclpt.SYS [10/9/2009 8:28 PM 15536]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\SYSTEM32\DRIVERS\clwvd.sys [6/14/2012 10:23 PM 27760]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\SYSTEM32\DRIVERS\evsbc.sys [7/2/2012 1:25 PM 27904]
S3 DIGIRPS;Digi RealPort Driver;c:\windows\SYSTEM32\DRIVERS\digirlpt.sys [10/2/2009 6:40 PM 152376]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\SYSTEM32\DRIVERS\evserial.sys [7/2/2012 1:26 PM 53888]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 11:41 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7A21C442
*Deregistered* - MpKsl7a21c442
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-31 c:\windows\Tasks\A l e r t s.job
- c:\progra~1\Dell\Support\bin\Support.exe [2004-05-28 01:06]
.
2015-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-26 00:35]
.
2015-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2015-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: NameServer = 216.234.97.2 216.234.97.3
FF - ProfilePath - c:\documents and settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cloudynights.com/ubbthreads/|http://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-26 00:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll
.
Completion time: 2015-03-26 00:40:33
ComboFix-quarantined-files.txt 2015-03-26 05:40
.
Pre-Run: 7,924,465,664 bytes free
Post-Run: 7,915,884,544 bytes free
.
- - End Of File - - 3FC14A7994B36347BE77821CC5B54890
8F558EB6672622401DA993E1E865C861

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[al davis]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by al (administrator) on XP on 26-03-2015 19:16:22
Running from C:\Documents and Settings\al\Desktop\virus_et_al
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk
ShortcutTarget: alt_mich.com.lnk -> (No File)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk
ShortcutTarget: Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default
FF Homepage: hxxp://www.cloudynights.com/ubbthreads/|hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=11 -> C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll [2007-08-21] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08]

Chrome:
=======
CHR Profile: C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 19:16 - 2015-03-26 19:16 - 00000000 ____D () C:\FRST
2015-03-26 00:40 - 2015-03-26 19:16 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00016791 _____ () C:\ComboFix.txt
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-25 23:21 - 2015-03-25 23:59 - 05615749 ____R (Swearware) C:\Documents and Settings\al\Desktop\ComboFix.exe
2015-03-25 22:16 - 2015-03-25 22:33 - 00000000 ____D () C:\AdwCleaner
2015-03-25 18:59 - 2015-03-25 19:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-03-25 18:59 - 2015-03-25 18:59 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-13 08:40 - 2015-03-13 21:59 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-13 08:40 - 2015-03-13 08:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-13 00:32 - 2015-03-13 00:32 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\CyberLink Media Suite 10.lnk
2015-03-13 00:32 - 2015-03-13 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Media Suite
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\install_clap
2015-03-12 20:05 - 2015-03-12 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\vsosdk
2015-03-11 00:32 - 2015-03-14 06:36 - 00181549 _____ () C:\Documents and Settings\al\My Documents\GOPR0105.XtoDVD
2015-03-10 23:34 - 2015-03-10 17:28 - 00001119 _____ () C:\Documents and Settings\al\Desktop\Desktop Burning Gadget.lnk
2015-03-10 18:04 - 2015-03-13 09:31 - 00000000 ____D () C:\Documents and Settings\al\My Documents\ConvertXtoDVD
2015-03-10 17:25 - 2015-03-10 17:32 - 00087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 00047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2015-03-10 17:25 - 2015-03-10 17:32 - 00007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 00000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 00000000 ____D () C:\Documents and Settings\al\Application Data\Vso
2015-03-10 17:24 - 2015-03-13 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VSO
2015-03-10 17:24 - 2015-03-10 17:32 - 00000889 _____ () C:\Documents and Settings\al\Desktop\ConvertXToDVD 5.lnk
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Program Files\VSO
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VSO
2015-03-10 16:52 - 2015-03-10 16:53 - 00000000 ____D () C:\Documents and Settings\al\My Documents\Youcam
2015-03-10 16:52 - 2015-03-10 16:52 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\Application Data\CyberLink
2015-03-10 16:51 - 2015-03-10 16:52 - 00000000 ____D () C:\Program Files\lg_fwupdate
2015-03-10 16:51 - 2015-03-10 16:51 - 00000267 _____ () C:\WINDOWS\lgfwup.ini
2015-03-10 16:51 - 2015-03-10 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LG Tool Kit
2015-03-10 16:51 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\WINDOWS\system32\lgfwunis.exe
2015-03-10 16:51 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemdisp.tlb
2015-03-10 16:51 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6KO.DLL
2015-03-10 16:50 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kswdmcap.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kstvtune.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfwwdm32.dll
2015-03-10 16:50 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksxbar.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vidcap.ax
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Guest\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Default User\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\al\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CLSK
2015-03-10 16:35 - 2015-03-13 00:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 19:16 - 2011-02-06 08:41 - 00000000 ____D () C:\Documents and Settings\al\Desktop\virus_et_al
2015-03-26 18:50 - 2013-04-20 16:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-26 16:54 - 2011-02-06 23:45 - 00244107 _____ () C:\WINDOWS\setupapi.log
2015-03-26 09:47 - 2004-08-21 08:38 - 01756291 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-26 08:43 - 2011-12-02 21:09 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-26 08:41 - 2004-01-09 06:49 - 00000428 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-26 08:40 - 2004-01-03 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 08:40 - 2004-01-03 18:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-26 08:39 - 2004-01-08 16:03 - 00000278 ___SH () C:\Documents and Settings\al\NTUSER.INI
2015-03-26 08:39 - 2004-01-03 18:46 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-26 00:40 - 2012-07-18 23:56 - 00000000 ____D () C:\Qoobox
2015-03-26 00:40 - 2004-01-03 18:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-26 00:37 - 2002-09-03 14:26 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-26 00:36 - 2004-01-08 16:03 - 00000000 ____D () C:\Documents and Settings\al
2015-03-26 00:11 - 2004-01-03 18:32 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-25 22:41 - 2014-06-14 10:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 21:22 - 2011-10-01 19:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-23 01:32 - 2012-02-05 23:31 - 02691628 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3960577219-1813400529-1317427278-1006-0.dat
2015-03-23 01:32 - 2012-02-05 23:31 - 00261318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-22 15:00 - 2015-02-05 20:17 - 00000000 ____D () C:\tTax_2014
2015-03-22 15:00 - 2015-02-05 20:06 - 00002393 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
2015-03-21 09:30 - 2013-08-12 14:25 - 00016077 _____ () C:\WINDOWS\al8.xlb
2015-03-19 00:45 - 2002-09-03 14:29 - 00000215 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-03-18 11:19 - 2002-09-03 14:29 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-03-17 23:38 - 2014-10-08 15:26 - 00000000 ____D () C:\eudora_7
2015-03-17 20:02 - 2013-04-03 16:51 - 00000718 _____ () C:\Documents and Settings\al\Desktop\New Text Document (2).txt
2015-03-16 21:30 - 2005-04-12 19:38 - 04249909 _____ () C:\winzip.log
2015-03-16 21:28 - 2014-10-18 10:23 - 00000000 ____D () C:\unzipped
2015-03-13 00:31 - 2004-01-03 18:57 - 00000000 ____D () C:\Program Files\CyberLink
2015-03-13 00:31 - 2004-01-03 18:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-11 08:34 - 2004-09-13 18:43 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-11 08:34 - 2004-02-17 13:14 - 805306368 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:05 - 2006-02-11 16:36 - 00000000 ____D () C:\Dextron
2015-03-10 17:01 - 2005-02-25 19:20 - 00000000 ____D () C:\Documents and Settings\al\Application Data\CyberLink
2015-03-05 00:50 - 2013-10-06 09:31 - 00004064 _____ () C:\Documents and Settings\al\Desktop\Empty.txt
2015-03-03 08:16 - 2013-12-05 02:39 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 07:11 - 2004-01-03 18:43 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2015-02-26 11:59 - 2003-10-16 16:44 - 00258918 _____ () C:\WINDOWS\SETUPACT.LOG

==================== Files in the root of some directories =======

2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

[al davis]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by al (administrator) on XP on 26-03-2015 19:16:22
Running from C:\Documents and Settings\al\Desktop\virus_et_al
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk
ShortcutTarget: alt_mich.com.lnk -> (No File)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk
ShortcutTarget: Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default
FF Homepage: hxxp://www.cloudynights.com/ubbthreads/|hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=11 -> C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll [2007-08-21] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08]

Chrome:
=======
CHR Profile: C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 19:16 - 2015-03-26 19:16 - 00000000 ____D () C:\FRST
2015-03-26 00:40 - 2015-03-26 19:16 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00016791 _____ () C:\ComboFix.txt
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-25 23:21 - 2015-03-25 23:59 - 05615749 ____R (Swearware) C:\Documents and Settings\al\Desktop\ComboFix.exe
2015-03-25 22:16 - 2015-03-25 22:33 - 00000000 ____D () C:\AdwCleaner
2015-03-25 18:59 - 2015-03-25 19:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-03-25 18:59 - 2015-03-25 18:59 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-13 08:40 - 2015-03-13 21:59 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-13 08:40 - 2015-03-13 08:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-13 00:32 - 2015-03-13 00:32 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\CyberLink Media Suite 10.lnk
2015-03-13 00:32 - 2015-03-13 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Media Suite
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\install_clap
2015-03-12 20:05 - 2015-03-12 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\vsosdk
2015-03-11 00:32 - 2015-03-14 06:36 - 00181549 _____ () C:\Documents and Settings\al\My Documents\GOPR0105.XtoDVD
2015-03-10 23:34 - 2015-03-10 17:28 - 00001119 _____ () C:\Documents and Settings\al\Desktop\Desktop Burning Gadget.lnk
2015-03-10 18:04 - 2015-03-13 09:31 - 00000000 ____D () C:\Documents and Settings\al\My Documents\ConvertXtoDVD
2015-03-10 17:25 - 2015-03-10 17:32 - 00087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 00047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2015-03-10 17:25 - 2015-03-10 17:32 - 00007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 00000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 00000000 ____D () C:\Documents and Settings\al\Application Data\Vso
2015-03-10 17:24 - 2015-03-13 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VSO
2015-03-10 17:24 - 2015-03-10 17:32 - 00000889 _____ () C:\Documents and Settings\al\Desktop\ConvertXToDVD 5.lnk
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Program Files\VSO
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VSO
2015-03-10 16:52 - 2015-03-10 16:53 - 00000000 ____D () C:\Documents and Settings\al\My Documents\Youcam
2015-03-10 16:52 - 2015-03-10 16:52 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\Application Data\CyberLink
2015-03-10 16:51 - 2015-03-10 16:52 - 00000000 ____D () C:\Program Files\lg_fwupdate
2015-03-10 16:51 - 2015-03-10 16:51 - 00000267 _____ () C:\WINDOWS\lgfwup.ini
2015-03-10 16:51 - 2015-03-10 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LG Tool Kit
2015-03-10 16:51 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\WINDOWS\system32\lgfwunis.exe
2015-03-10 16:51 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemdisp.tlb
2015-03-10 16:51 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6KO.DLL
2015-03-10 16:50 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kswdmcap.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kstvtune.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfwwdm32.dll
2015-03-10 16:50 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksxbar.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vidcap.ax
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Guest\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Default User\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\al\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CLSK
2015-03-10 16:35 - 2015-03-13 00:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 19:16 - 2011-02-06 08:41 - 00000000 ____D () C:\Documents and Settings\al\Desktop\virus_et_al
2015-03-26 18:50 - 2013-04-20 16:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-26 16:54 - 2011-02-06 23:45 - 00244107 _____ () C:\WINDOWS\setupapi.log
2015-03-26 09:47 - 2004-08-21 08:38 - 01756291 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-26 08:43 - 2011-12-02 21:09 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-26 08:41 - 2004-01-09 06:49 - 00000428 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-26 08:40 - 2004-01-03 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 08:40 - 2004-01-03 18:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-26 08:39 - 2004-01-08 16:03 - 00000278 ___SH () C:\Documents and Settings\al\NTUSER.INI
2015-03-26 08:39 - 2004-01-03 18:46 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-26 00:40 - 2012-07-18 23:56 - 00000000 ____D () C:\Qoobox
2015-03-26 00:40 - 2004-01-03 18:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-26 00:37 - 2002-09-03 14:26 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-26 00:36 - 2004-01-08 16:03 - 00000000 ____D () C:\Documents and Settings\al
2015-03-26 00:11 - 2004-01-03 18:32 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-25 22:41 - 2014-06-14 10:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 21:22 - 2011-10-01 19:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-23 01:32 - 2012-02-05 23:31 - 02691628 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3960577219-1813400529-1317427278-1006-0.dat
2015-03-23 01:32 - 2012-02-05 23:31 - 00261318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-22 15:00 - 2015-02-05 20:17 - 00000000 ____D () C:\tTax_2014
2015-03-22 15:00 - 2015-02-05 20:06 - 00002393 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
2015-03-21 09:30 - 2013-08-12 14:25 - 00016077 _____ () C:\WINDOWS\al8.xlb
2015-03-19 00:45 - 2002-09-03 14:29 - 00000215 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-03-18 11:19 - 2002-09-03 14:29 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-03-17 23:38 - 2014-10-08 15:26 - 00000000 ____D () C:\eudora_7
2015-03-17 20:02 - 2013-04-03 16:51 - 00000718 _____ () C:\Documents and Settings\al\Desktop\New Text Document (2).txt
2015-03-16 21:30 - 2005-04-12 19:38 - 04249909 _____ () C:\winzip.log
2015-03-16 21:28 - 2014-10-18 10:23 - 00000000 ____D () C:\unzipped
2015-03-13 00:31 - 2004-01-03 18:57 - 00000000 ____D () C:\Program Files\CyberLink
2015-03-13 00:31 - 2004-01-03 18:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-11 08:34 - 2004-09-13 18:43 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-11 08:34 - 2004-02-17 13:14 - 805306368 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:05 - 2006-02-11 16:36 - 00000000 ____D () C:\Dextron
2015-03-10 17:01 - 2005-02-25 19:20 - 00000000 ____D () C:\Documents and Settings\al\Application Data\CyberLink
2015-03-05 00:50 - 2013-10-06 09:31 - 00004064 _____ () C:\Documents and Settings\al\Desktop\Empty.txt
2015-03-03 08:16 - 2013-12-05 02:39 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 07:11 - 2004-01-03 18:43 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2015-02-26 11:59 - 2003-10-16 16:44 - 00258918 _____ () C:\WINDOWS\SETUPACT.LOG

==================== Files in the root of some directories =======

2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

[al davis]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by al at 2015-03-26 19:17:42
Running from C:\Documents and Settings\al\Desktop\virus_et_al
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acronis Drive Monitor (HKLM\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image (HKLM\...\{7F129516-73AD-4232-8FD0-C7BC2508B274}) (Version: 9.0.3647 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.100 - NOS Microsystems Ltd.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Banctec Service Agreement (Version: 1.00.00 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
Belkin SOHO Networking Utilities (HKLM\...\{E03969E7-3AFB-4672-8259-991B5F618D5A}) (Version: 1.1 - Belkin Components)
Belkin Wireless Access Point Manager (HKLM\...\{A2284436-0CA3-4880-B8D1-E79E64A46EB3}) (Version: - )
Brother HL-5340D (HKLM\...\{653F3899-8CC4-43DB-AFD8-E9D829504138}) (Version: 1.00 - Brother)
Canon i250 (HKLM\...\CANONBJ_Deinstall_CNMCP50.DLL) (Version: - )
Cartes du Ciel V3.8 (HKLM\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version: - )
Chanalyzer 2.1.7 (HKLM\...\{FD736238-55EB-420B-9BFC-B8A9983B21C9}) (Version: 2.1.7 - MetaGeek, LLC)
Core FTP LE 1.3c (HKLM\...\Core FTP LE 1.3c) (Version: - )
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
Dell Networking Guide (Version: 1.00.0001 - Dell) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.1.0.0 - Dell)
Digi Port Authority - Remote (HKLM\...\Digi Port Authority - Remote) (Version: - )
DS21Patch (Version: 1.00.0000 - Dell) Hidden
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
Eudora (HKLM\...\{268C1DB7-02FA-45F2-93EC-0D4DDCA91AB8}) (Version: 7.0 - )
ExamDiff Pro 3.4.2 (HKLM\...\ExamDiff Pro_is1) (Version: - PrestoSoft)
G4FON Koch Method Morse Trainer (HKLM\...\G4FON Koch Method Morse Trainer) (Version: - )
getPlus(R) (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)
Google Chrome (HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\...\Google Chrome) (Version: 8.0.552.224 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 26.0.1410.64 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Gears (Version: 0.4.24.0 - Google) Hidden
Google Update Helper (Version: 1.2.183.39 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.2.940.34809 - Google Inc.)
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
honestechDVR 2.5 (HKLM\...\{D8410ADD-CB92-46B6-AB7C-AF4907A803A2}) (Version: 2.5 - honestech)
honestechDVR 2.5 (Version: 2.5 - honestech) Hidden
Inssider (HKLM\...\{B5915379-1885-4220-BEB5-A602A368D581}) (Version: 1.0.3 - MetaGeek)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
IsoBuster 2.8.5 (HKLM\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
IZArc 4.1.6 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Jupiter 2.0.7.1 (HKLM\...\{22C070B6-BEC2-4B4B-8324-08DE6F168B9C}_is1) (Version: - Sylvain Rondi)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
MallinCam Control (HKLM\...\{32091497-B2FA-4091-B733-64A2DC30566C}) (Version: 1.2 - Pro-Com Electronics)
MallinCam Control (HKLM\...\{DF207EA2-675D-47C8-9D51-3F9F14EDAD5F}) (Version: 1.0.0 - Pro-Com Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET Web Matrix (HKLM\...\{DCBE96DF-822C-401C-8DD2-0F3539637ADE}) (Version: 0.6.812.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (HKLM\...\{04410044-9149-45C6-A806-F2BF9CFCE762}) (Version: 2004 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft SAPI 5.1 Voices for Windows XP (HKLM\...\{8F194222-199F-11D6-B163-AA8310157D2E}) (Version: 1.0.0.0 - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 6.0 Professional Edition (HKLM\...\Visual C++ 6.0 Professional Edition) (Version: - )
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140) (HKLM\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSDN Library - Visual Studio 6.0 (HKLM\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
MSDN Library for Visual Studio 2008 - ENU (HKLM\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version: - )
NexRemote (HKLM\...\NexRemote) (Version: 1.7.22 - Celestron)
PHD Guiding 1.10.0 (HKLM\...\PHD Guiding_is1) (Version: - Stark Labs)
PHOTOfunSTUDIO (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Qualxserve Service Agreement (Version: 1.00.0004 - Dell) Hidden
QuickTime (HKLM\...\{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}) (Version: 7.4.5.67 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RSpec Version 1.7 (Build:19) (HKLM\...\{A08319DE-E83E-4B07-B4E5-69F2489D6B45}_is1) (Version: - Field Tested Systems)
Shockwave (HKLM\...\Shockwave) (Version: - )
SlickEdit 2007 (HKLM\...\{B598851F-6498-48CF-B61F-5074B889773B}) (Version: 12.0.0.0 - SlickEdit Inc.)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}) (Version: - )
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Spybot - Search & Destroy 1.4 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.4 - Safer Networking Limited)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StartupMonitor (HKLM\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
Stellarium 0.10.4 (HKLM\...\Stellarium_is1) (Version: - )
Timex Trainer (HKLM\...\{96AF99D4-F7E8-4333-AB16-F9F4B91DBFBE}) (Version: 1.0.202 - Timex Corporation)
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version: - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB2284654) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB Video/Audio Device Driver (HKLM\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Virtual Moon Atlas Pro 5.0 (HKLM\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
VNC Free Edition 4.1.2 (HKLM\...\RealVNC_is1) (Version: 4.1.2 - RealVNC Ltd.)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.59 - VSO Software)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Where is M13? version 2.3 (HKLM\...\Where is M13?_is1) (Version: - Think Astronomy)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinJUPOS 10.0.16 (HKLM\...\WinJUPOS 10.0.16_is1) (Version: 10.0.16 - Grischa Hahn, Germany)
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
XoftSpy (HKLM\...\XoftSpy) (Version: - )
YouCam (Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\MFC42U.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.131.27\goopdate.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{4536918A-95A8-498F-B542-CB906C561A43}\InprocServer32 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\System32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\SYSTEM32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{D800E6DE-AFD1-4A47-9342-18426F9A50D3}\InprocServer32 -> D:\vs_2008_proj\polygon\polygon\Debug\polygon.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\System32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

12-01-2015 09:20:32 Software Distribution Service 3.0
13-01-2015 09:19:29 Software Distribution Service 3.0
13-01-2015 13:39:35 Software Distribution Service 3.0
14-01-2015 14:27:24 System Checkpoint
14-01-2015 23:53:07 Software Distribution Service 3.0
16-01-2015 00:48:57 System Checkpoint
17-01-2015 08:59:10 Software Distribution Service 3.0
18-01-2015 09:17:41 Software Distribution Service 3.0
19-01-2015 10:12:35 System Checkpoint
20-01-2015 09:01:56 Software Distribution Service 3.0
20-01-2015 21:28:57 Software Distribution Service 3.0
21-01-2015 22:57:27 System Checkpoint
22-01-2015 09:29:13 Software Distribution Service 3.0
23-01-2015 10:33:51 Software Distribution Service 3.0
24-01-2015 11:56:23 System Checkpoint
25-01-2015 08:19:14 Software Distribution Service 3.0
26-01-2015 09:34:28 Software Distribution Service 3.0
27-01-2015 10:06:46 Software Distribution Service 3.0
28-01-2015 09:52:52 Software Distribution Service 3.0
29-01-2015 09:54:13 System Checkpoint
30-01-2015 09:35:56 Software Distribution Service 3.0
31-01-2015 10:30:56 Software Distribution Service 3.0
01-02-2015 13:21:10 System Checkpoint
02-02-2015 09:24:53 Software Distribution Service 3.0
03-02-2015 08:48:58 Software Distribution Service 3.0
04-02-2015 09:10:41 System Checkpoint
05-02-2015 07:39:52 Software Distribution Service 3.0
05-02-2015 20:04:23 Installed TurboTax 2014 wrapper
05-02-2015 22:42:34 Installed TurboTax 2014 wmiiper
07-02-2015 07:31:23 Software Distribution Service 3.0
08-02-2015 09:40:00 Software Distribution Service 3.0
09-02-2015 13:16:54 Software Distribution Service 3.0
10-02-2015 13:36:19 System Checkpoint
10-02-2015 23:22:29 Software Distribution Service 3.0
12-02-2015 03:13:46 Software Distribution Service 3.0
12-02-2015 23:01:00 Software Distribution Service 3.0
13-02-2015 13:22:03 Software Distribution Service 3.0
14-02-2015 10:07:13 Software Distribution Service 3.0
15-02-2015 10:36:04 System Checkpoint
16-02-2015 11:55:40 Software Distribution Service 3.0
16-02-2015 14:04:53 Software Distribution Service 3.0
17-02-2015 14:49:58 System Checkpoint
18-02-2015 08:06:40 Software Distribution Service 3.0
19-02-2015 09:05:16 Software Distribution Service 3.0
20-02-2015 11:23:53 System Checkpoint
21-02-2015 08:36:25 Software Distribution Service 3.0
22-02-2015 09:22:19 System Checkpoint
23-02-2015 08:58:17 Software Distribution Service 3.0
24-02-2015 10:41:56 System Checkpoint
25-02-2015 08:08:38 Software Distribution Service 3.0
26-02-2015 08:47:12 Software Distribution Service 3.0
27-02-2015 09:48:46 System Checkpoint
27-02-2015 12:53:18 Software Distribution Service 3.0
28-02-2015 19:20:55 System Checkpoint
01-03-2015 06:33:48 Software Distribution Service 3.0
02-03-2015 07:35:11 Software Distribution Service 3.0
03-03-2015 08:16:02 Software Distribution Service 3.0
04-03-2015 09:01:31 System Checkpoint
05-03-2015 08:54:21 Software Distribution Service 3.0
06-03-2015 09:22:56 System Checkpoint
07-03-2015 07:21:19 Software Distribution Service 3.0
08-03-2015 07:45:00 Software Distribution Service 3.0
09-03-2015 08:49:56 Software Distribution Service 3.0
10-03-2015 09:06:00 System Checkpoint
10-03-2015 16:36:11 Installed Suite2
10-03-2015 16:44:39 Installed Suite2
11-03-2015 07:59:59 Software Distribution Service 3.0
12-03-2015 09:09:04 System Checkpoint
13-03-2015 00:28:48 Installed Suite2
13-03-2015 08:09:04 Software Distribution Service 3.0
14-03-2015 14:50:28 System Checkpoint
15-03-2015 09:01:03 Software Distribution Service 3.0
16-03-2015 09:16:29 System Checkpoint
17-03-2015 08:55:20 Software Distribution Service 3.0
18-03-2015 08:40:02 Software Distribution Service 3.0
19-03-2015 10:15:33 System Checkpoint
20-03-2015 09:30:38 Software Distribution Service 3.0
21-03-2015 16:41:28 System Checkpoint
22-03-2015 08:46:29 Software Distribution Service 3.0
23-03-2015 09:01:11 Software Distribution Service 3.0
24-03-2015 09:22:40 System Checkpoint
24-03-2015 19:59:05 Software Distribution Service 3.0
25-03-2015 09:15:39 Software Distribution Service 3.0
26-03-2015 09:42:49 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-19 09:19 - 2015-03-26 00:37 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\A l e r t s.job => C:\PROGRA~1\Dell\Support\bin\Support.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) ==============

2009-01-27 17:41 - 2009-01-27 17:41 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-01-27 18:41 - 2009-01-27 18:41 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-01-17 11:14 - 2010-01-17 11:14 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-01-17 11:14 - 2010-01-17 11:14 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-05 17:08 - 2011-02-05 17:08 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-12-14 17:58 - 2010-12-08 18:27 - 00208440 _____ () C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\locales\en-US.dll
2010-12-14 17:58 - 2010-12-08 18:28 - 04050488 _____ () C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\pdf.dll
2010-12-14 17:58 - 2010-12-08 18:26 - 01840200 _____ () C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\avcodec-52.dll
2010-12-14 17:58 - 2010-12-08 18:26 - 00105032 _____ () C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\avutil-50.dll
2010-12-14 17:58 - 2010-12-08 18:26 - 00201800 _____ () C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\avformat-52.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\wmsetup.log:ebagsq

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.234.97.2 - 216.234.97.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3960577219-1813400529-1317427278-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
al (S-1-5-21-3960577219-1813400529-1317427278-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\al
ASPNET (S-1-5-21-3960577219-1813400529-1317427278-1008 - Limited - Enabled)
Guest (S-1-5-21-3960577219-1813400529-1317427278-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-3960577219-1813400529-1317427278-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3960577219-1813400529-1317427278-1002 - Limited - Enabled)
SUPPORT_3f151ab9 (S-1-5-21-3960577219-1813400529-1317427278-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2015 06:07:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2015 06:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/13/2015 00:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 09:24:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 08:24:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Power2GoExpress.exe, version 7.0.0.3328, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 08:15:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Power2GoExpress.exe, version 7.0.0.3328, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 08:12:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application ConvertXtoDvd.exe, version 5.2.0.59, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/10/2015 08:25:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/26/2015 04:18:58 PM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (03/26/2015 08:56:41 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (03/26/2015 08:43:50 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Error: (03/26/2015 08:41:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (03/26/2015 08:40:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (03/26/2015 08:40:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (03/26/2015 08:09:41 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (03/26/2015 08:09:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (03/26/2015 08:09:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (03/26/2015 01:00:19 AM) (Source: ipnathlp) (EventID: 31008) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.


Microsoft Office Sessions:
=========================
Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/25/2015 00:47:25 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/13/2015 06:07:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000

Error: (03/13/2015 06:06:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000

Error: (03/13/2015 00:23:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000

Error: (03/12/2015 09:24:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mmc.exe5.2.3790.4136hungapp0.0.0.000000000

Error: (03/12/2015 08:24:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Power2GoExpress.exe7.0.0.3328hungapp0.0.0.000000000

Error: (03/12/2015 08:15:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Power2GoExpress.exe7.0.0.3328hungapp0.0.0.000000000

Error: (03/12/2015 08:12:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ConvertXtoDvd.exe5.2.0.59hungapp0.0.0.000000000

Error: (03/10/2015 08:25:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 21%
Total physical RAM: 2557.98 MB
Available physical RAM: 2010.39 MB
Total Pagefile: 3172.93 MB
Available Pagefile: 2726.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:7.15 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:63.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DBBDF0DD)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 03C16DE5)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[al davis]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by al at 2015-03-26 20:07:42 Run:1
Running from C:\Documents and Settings\al\Desktop
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ShortcutTarget: alt_mich.com.lnk -> (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} - No File
Toolbar: HKU\S-1-5-21-3960577219-1813400529-1317427278-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll
AlternateDataStreams: C:\WINDOWS\wmsetup.log:ebagsq

*****************

ShortcutTarget: alt_mich.com.lnk -> (No File) not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{72385236-70fa-11d1-864c-14a300000000} <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => value deleted successfully.
HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655} => Key not found.
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.



Along the way an error window popped up stating :' FRST has encountered a problem and needs to close'. and generated a error report to send to microsoft. I captured the popup window and the error report. Let me know if you want them.

 

[Broni]

I don't need it.

We need to run one more fix.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After restart re-run FRST one more time and post fresh log (I only need one log, FRST.txt)

 

[al davis]

Ix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by al at 2015-03-26 21:14:04 Run:2
Running from C:\Documents and Settings\al\Desktop
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reboot:
*****************


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========



The system needed a reboot.

==== End of Fixlog 21:14:04 ====


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by al (administrator) on XP on 26-03-2015 21:23:15
Running from C:\Documents and Settings\al\Desktop
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\alt_mich.com.lnk
ShortcutTarget: alt_mich.com.lnk -> (No File)
Startup: C:\Documents and Settings\al\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk
ShortcutTarget: Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3960577219-1813400529-1317427278-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-12] (RealPlayer)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-08-21] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2013-06-08] (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/oas/ActiveX/MSDcode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/I/chat/applet/v45/yacscom.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll [2013-04-09] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\eudora_7\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\..\Interfaces\{8AA62950-D597-4798-9F57-32AEF4529374}: [NameServer] 216.234.97.2 216.234.97.3

FireFox:
========
FF ProfilePath: C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default
FF Homepage: hxxp://www.cloudynights.com/ubbthreads/|hxxp://www.cloudynights.com/ubbthreads/ubbthreads.php?Cat=
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2013-06-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.100 -> C:\Program Files\NOS\bin\np_gp.dll [2011-03-01] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=11 -> C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll [2007-08-21] (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-02-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3960577219-1813400529-1317427278-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [2010-10-20] (Google Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\al\Application Data\Mozilla\Firefox\Profiles\nkz4233i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-24]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-02-12]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-06-08]

Chrome:
=======
CHR Profile: C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-19]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-02-12]
StartMenuInternet: chrome.exe - C:\Documents and Settings\al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S3 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [31592 2008-06-26] (NOS Microsystems Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-06-08] (Sun Microsystems, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2003-07-16] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DIGIRPS; C:\WINDOWS\System32\DRIVERS\digirlpt.sys [152376 2008-07-10] (Digi International Inc.)
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [383800 2007-02-13] (Symantec Corporation)
S3 evserial; C:\WINDOWS\System32\DRIVERS\evserial.sys [53888 2008-05-19] (ELTIMA Software)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57536 2008-03-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2009-10-09] (Logix4u) [File not signed]
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel(R) Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl32e3d120; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BDA3295-4761-4846-9282-F3A0059C0FF5}\MpKsl32e3d120.sys [39464 2015-03-26] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2010-05-07] (MusicMatch, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2009-08-04] (Acronis) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2009-08-04] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2009-08-04] (Acronis) [File not signed]
S3 TVicHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [29536 2006-10-13] (EnTech Taiwan)
R2 tviclpt; C:\WINDOWS\system32\Drivers\tviclpt.sys [15536 2003-03-12] (EnTech Taiwan) [File not signed]
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [608128 2011-03-10] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [1038080 2011-03-10] (eMPIA Technology, Inc.)
R1 vcdrom; C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R3 VSBC; C:\WINDOWS\System32\DRIVERS\evsbc.sys [27904 2008-05-19] (ELTIMA Software)
R3 vsbus; C:\WINDOWS\System32\DRIVERS\vsb.sys [18180 2003-03-14] (ELTIMA Software) [File not signed]
S3 vserial; C:\WINDOWS\System32\DRIVERS\vserial.sys [69932 2003-03-14] (ELTIMA Software) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 21:23 - 2015-03-26 21:24 - 00019232 _____ () C:\Documents and Settings\al\Desktop\FRST.txt
2015-03-26 19:16 - 2015-03-26 21:23 - 00000000 ____D () C:\FRST
2015-03-26 00:40 - 2015-03-26 21:24 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-03-26 00:40 - 2015-03-26 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-25 22:16 - 2015-03-25 22:33 - 00000000 ____D () C:\AdwCleaner
2015-03-25 18:59 - 2015-03-25 19:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-03-25 18:59 - 2015-03-25 18:59 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-25 12:29 - 2015-03-25 12:39 - 01135104 _____ (Farbar) C:\Documents and Settings\al\Desktop\FRST.exe
2015-03-13 08:40 - 2015-03-13 21:59 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-13 08:40 - 2015-03-13 08:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-13 00:32 - 2015-03-13 00:32 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\CyberLink Media Suite 10.lnk
2015-03-13 00:32 - 2015-03-13 00:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink Media Suite
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\install_clap
2015-03-12 20:05 - 2015-03-12 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\vsosdk
2015-03-11 00:32 - 2015-03-14 06:36 - 00181549 _____ () C:\Documents and Settings\al\My Documents\GOPR0105.XtoDVD
2015-03-10 23:34 - 2015-03-10 17:28 - 00001119 _____ () C:\Documents and Settings\al\Desktop\Desktop Burning Gadget.lnk
2015-03-10 18:04 - 2015-03-13 09:31 - 00000000 ____D () C:\Documents and Settings\al\My Documents\ConvertXtoDVD
2015-03-10 17:25 - 2015-03-10 17:32 - 00087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 00047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2015-03-10 17:25 - 2015-03-10 17:32 - 00007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 00000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 00000000 ____D () C:\Documents and Settings\al\Application Data\Vso
2015-03-10 17:24 - 2015-03-13 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VSO
2015-03-10 17:24 - 2015-03-10 17:32 - 00000889 _____ () C:\Documents and Settings\al\Desktop\ConvertXToDVD 5.lnk
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Program Files\VSO
2015-03-10 17:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VSO
2015-03-10 16:52 - 2015-03-10 16:53 - 00000000 ____D () C:\Documents and Settings\al\My Documents\Youcam
2015-03-10 16:52 - 2015-03-10 16:52 - 00000000 ____D () C:\Documents and Settings\al\Local Settings\Application Data\CyberLink
2015-03-10 16:51 - 2015-03-10 16:52 - 00000000 ____D () C:\Program Files\lg_fwupdate
2015-03-10 16:51 - 2015-03-10 16:51 - 00000267 _____ () C:\WINDOWS\lgfwup.ini
2015-03-10 16:51 - 2015-03-10 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LG Tool Kit
2015-03-10 16:51 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\WINDOWS\system32\lgfwunis.exe
2015-03-10 16:51 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbemdisp.tlb
2015-03-10 16:51 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6KO.DLL
2015-03-10 16:50 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kswdmcap.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kstvtune.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfwwdm32.dll
2015-03-10 16:50 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksxbar.ax
2015-03-10 16:50 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vidcap.ax
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Guest\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Default User\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\al\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:46 - 2015-03-10 16:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink Media Suite
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CLSK
2015-03-10 16:35 - 2015-03-13 00:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 21:17 - 2004-08-21 08:38 - 01765322 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-26 21:16 - 2011-12-02 21:09 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-26 21:16 - 2004-01-09 06:49 - 00000427 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-26 21:15 - 2004-01-08 16:03 - 00000278 ___SH () C:\Documents and Settings\al\NTUSER.INI
2015-03-26 21:15 - 2004-01-03 18:46 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-26 21:15 - 2004-01-03 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 21:15 - 2004-01-03 18:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-03-26 21:15 - 2002-09-03 14:29 - 00000216 _____ () C:\WINDOWS\WIADEBUG.LOG
2015-03-26 21:15 - 2002-09-03 14:29 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2015-03-26 21:09 - 2011-02-06 08:41 - 00000000 ____D () C:\Documents and Settings\al\Desktop\virus_et_al
2015-03-26 20:50 - 2013-04-20 16:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-26 16:54 - 2011-02-06 23:45 - 00244107 _____ () C:\WINDOWS\setupapi.log
2015-03-26 00:40 - 2012-07-18 23:56 - 00000000 ____D () C:\Qoobox
2015-03-26 00:40 - 2004-01-03 18:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-26 00:37 - 2002-09-03 14:26 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-26 00:36 - 2004-01-08 16:03 - 00000000 ____D () C:\Documents and Settings\al
2015-03-26 00:11 - 2004-01-03 18:32 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-25 22:41 - 2014-06-14 10:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 21:22 - 2011-10-01 19:00 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3960577219-1813400529-1317427278-1006.job
2015-03-23 01:32 - 2012-02-05 23:31 - 02691628 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3960577219-1813400529-1317427278-1006-0.dat
2015-03-23 01:32 - 2012-02-05 23:31 - 00261318 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-03-22 15:00 - 2015-02-05 20:17 - 00000000 ____D () C:\tTax_2014
2015-03-22 15:00 - 2015-02-05 20:06 - 00002393 _____ () C:\Documents and Settings\All Users\Desktop\TurboTax 2014.lnk
2015-03-21 09:30 - 2013-08-12 14:25 - 00016077 _____ () C:\WINDOWS\al8.xlb
2015-03-17 23:38 - 2014-10-08 15:26 - 00000000 ____D () C:\eudora_7
2015-03-17 20:02 - 2013-04-03 16:51 - 00000718 _____ () C:\Documents and Settings\al\Desktop\New Text Document (2).txt
2015-03-16 21:30 - 2005-04-12 19:38 - 04249909 _____ () C:\winzip.log
2015-03-16 21:28 - 2014-10-18 10:23 - 00000000 ____D () C:\unzipped
2015-03-13 00:31 - 2004-01-03 18:57 - 00000000 ____D () C:\Program Files\CyberLink
2015-03-13 00:31 - 2004-01-03 18:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-11 08:34 - 2004-09-13 18:43 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-11 08:34 - 2004-02-17 13:14 - 805306368 _____ () C:\WINDOWS\MEMORY.DMP
2015-03-10 18:05 - 2006-02-11 16:36 - 00000000 ____D () C:\Dextron
2015-03-10 17:01 - 2005-02-25 19:20 - 00000000 ____D () C:\Documents and Settings\al\Application Data\CyberLink
2015-03-05 00:50 - 2013-10-06 09:31 - 00004064 _____ () C:\Documents and Settings\al\Desktop\Empty.txt
2015-03-03 08:16 - 2013-12-05 02:39 - 00246920 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 07:11 - 2004-01-03 18:43 - 00001170 _____ () C:\WINDOWS\system32\WPA.DBL
2015-02-26 11:59 - 2003-10-16 16:44 - 00258918 _____ () C:\WINDOWS\SETUPACT.LOG

==================== Files in the root of some directories =======

2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat

Some zero byte size files/folders:
==========================
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

[Broni]

The latest fix worked fine but the previous one was partially incomplete so we have to run one more fix.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[al davis]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by al at 2015-03-26 22:21:45 Run:3
Running from C:\Documents and Settings\al\Desktop
Loaded Profiles: al (Available profiles: al & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
S2 adfs; No ImagePath
S3 catchme; \??\C:\DOCUME~1\al\LOCALS~1\Temp\catchme.sys [X]
S3 EL90X; System32\DRIVERS\el90xnd5.sys [X]
S3 EL90XBC; System32\DRIVERS\el90xbc5.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]
2004-01-13 07:24 - 2004-01-13 08:56 - 0000000 _____ () C:\Documents and Settings\al\Application Data\dm.ini
2015-03-10 17:25 - 2015-03-10 17:32 - 0087608 _____ () C:\Documents and Settings\al\Application Data\inst.exe
2015-03-10 17:25 - 2015-03-10 17:32 - 0007887 _____ () C:\Documents and Settings\al\Application Data\pcouffin.cat
2015-03-10 17:25 - 2015-03-10 17:32 - 0001144 _____ () C:\Documents and Settings\al\Application Data\pcouffin.inf
2015-03-10 17:25 - 2015-03-10 17:32 - 0000055 _____ () C:\Documents and Settings\al\Application Data\pcouffin.log
2015-03-10 17:25 - 2015-03-10 17:32 - 0047360 _____ (VSO Software) C:\Documents and Settings\al\Application Data\pcouffin.sys
2004-12-10 22:01 - 2004-12-10 22:01 - 0012358 _____ () C:\Documents and Settings\al\Application Data\PFP110JCM.{PB
2004-12-10 22:01 - 2004-12-10 22:01 - 0061678 _____ () C:\Documents and Settings\al\Application Data\PFP110JPR.{PB
2004-02-20 23:30 - 2014-10-18 13:40 - 0010752 _____ () C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 14:53 - 2012-08-10 14:53 - 0027520 _____ () C:\Documents and Settings\al\Local Settings\Application Data\dt.dat
2004-02-21 12:33 - 2005-01-05 22:28 - 0000125 _____ () C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat
2002-12-15 00:10 - 2002-12-15 00:10 - 0001192 ___RH () C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat
C:\Windows\System32\addxr32.exe
C:\Windows\System32\netne32.exe
C:\Windows\System32\ofjhl.dll
AlternateDataStreams: C:\WINDOWS\wmsetup.log:ebagsq
*****************

helpsvc => Service deleted successfully.
adfs => Service deleted successfully.
catchme => Service deleted successfully.
EL90X => Service deleted successfully.
EL90XBC => Service deleted successfully.
iAimTV2 => Service deleted successfully.
wanatw => Service deleted successfully.
C:\Documents and Settings\al\Application Data\dm.ini => Moved successfully.
C:\Documents and Settings\al\Application Data\inst.exe => Moved successfully.
C:\Documents and Settings\al\Application Data\pcouffin.cat => Moved successfully.
C:\Documents and Settings\al\Application Data\pcouffin.inf => Moved successfully.
C:\Documents and Settings\al\Application Data\pcouffin.log => Moved successfully.
C:\Documents and Settings\al\Application Data\pcouffin.sys => Moved successfully.
C:\Documents and Settings\al\Application Data\PFP110JCM.{PB => Moved successfully.
C:\Documents and Settings\al\Application Data\PFP110JPR.{PB => Moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\dt.dat => Moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\fusioncache.dat => Moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\ntuisl.dat => Moved successfully.
C:\Windows\System32\addxr32.exe => Moved successfully.
C:\Windows\System32\netne32.exe => Moved successfully.
C:\Windows\System32\ofjhl.dll => Moved successfully.
C:\WINDOWS\wmsetup.log => ":ebagsq" ADS removed successfully.

==== End of Fixlog 22:21:47 ====

 

[Broni]

Good

How is computer doing?

Last scans....

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[al davis]

Results of screen317's Security Check version 0.99.99
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
I
s
p
l
a
y
N
a
m
e
ECHO is off.
M
I
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
I
t
y
ECHO is off.
E
s
e
n
t
I
a
l
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Spybot - Search & Destroy 1.4
XoftSpy
Java(TM) 6 Update 45
Java version 32-bit out of Date!
Adobe Reader XI
Mozilla Firefox 30.0 Firefox out of Date!
Google Chrome 26.0.1410.64 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



The computer may have improved some. What was found?
I'll get thru the latest list as much as I can in the next hour or so but I have to leave town for a couple of days so don't think I dis-appeared, I'll ruturn Saturday pm or sunday.

 

[al davis]

Farbar Service Scanner Version: 17-01-2015
Ran by al (administrator) on 26-03-2015 at 22:56:30
Running from "C:\Documents and Settings\al\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****