Software Restriction Policy Has Disabled AVG

jtsj1

Thread Starter
Joined
Feb 24, 2015
Messages
6
In the past few days AVG has stopped working on my computer and does not show in the System Tray, and my system has been sluggish in general. When I try to launch AVG I get an error message:

"C:\Program Files\AVG\AVG2015\avgui.exe - Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator."

I tried repairing my AVG installation, then a full uninstall/reinstall, but still got the same error. Also tried running Malwarebytes with no luck. Please help!


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 3.20GHz, x86 Family 15 Model 6 Stepping 4
Processor Count: 2
RAM: 2046 Mb
Graphics Card: RADEON X600 256MB HyperMemory, 256 Mb
Hard Drives: C: Total - 111176 MB, Free - 71387 MB; D: Total - 37934 MB, Free - 37835 MB; G: Total - 953835 MB, Free - 832073 MB;
Motherboard: Dell Inc., 0HJ054
Antivirus: AVG AntiVirus Free Edition 2015, Updated: Yes, On-Demand Scanner: Enabled
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Hello and welcome to TSG,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from, each with a different name on it. Select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks,

Kevin..
 

jtsj1

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/27/2015 05:09:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\stsystra.exe (PID: 592) [WD-HEUR]
* C:\DOCUME~1\Joe\LOCALS~1\Temp\clclean.0001 (PID: 240) [SUP-HEUR]
* C:\DOCUME~1\Joe\LOCALS~1\Temp\clclean.0001 (PID: 240) [T-HEUR]
* C:\WINDOWS\system32\CTsvcCDA.exe (PID: 1312) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = dword:00000001

* System Restore Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = dword:00000001

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 13338 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 02/27/2015 05:16:19 PM
Execution time: 0 hours(s), 7 minute(s), and 1 seconds(s)



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Joe (administrator) on DESKTOP on 27-02-2015 17:20:03
Running from C:\Documents and Settings\Joe\Desktop
Loaded Profiles: Joe (Available profiles: Joe & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Macrovision Corporation) C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Virgin HealthMiles Inc.) C:\Program Files\GoZone\GoZone_iSync.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344 2005-09-15] (Creative Technology Ltd)
HKLM\...\Run: [MBMon] => Rundll32 CTMBHA.DLL,MBMon
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe
HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ()
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ( ())
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [Google Update] => C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [jnmitra] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll",jnmitra
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [kidrahb] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll",kidrahb
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\MountPoints2: {fbeb716b-5787-11de-bd8f-001372e23ff8} - F:\LaunchU3.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\GoZone iSync.lnk
ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
BootExecute: autocheck autochk * lsdeleteC:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: No Name -> {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} -> No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO: PDFCreator Toolbar Helper -> {C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-4219563000-2888109555-913751894-1005 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jjy10itr.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.cnn.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Joe\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Joe\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\Joe\APPLIC~1\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npsnapfish.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Joe\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Joe\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Garmin Communicator - C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jjy10itr.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-17]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Joe\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Joe\Application Data\Move Networks [2008-12-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-20] (Lavasoft)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2013-04-08] (CrashPlan) [File not signed]
R3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2006-07-28] (Creative Labs) [File not signed]
S2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-06-17] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-17] (Sun Microsystems, Inc.)
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
S3 Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [64248 2006-12-11] (Sonic Solutions)
S2 Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [301816 2006-12-11] (Sonic Solutions)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [202208 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [26044 2006-09-21] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2006-03-17] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-09-21] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [87004 2006-09-21] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [15068 2006-09-21] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-09-21] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2006-03-17] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94460 2006-09-21] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [88476 2006-09-21] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89456 2006-08-18] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2006-03-17] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 GIVEIO; C:\WINDOWS\system32\Drivers\GIVEIO.sys [5248 1996-04-04] () [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-11] (Malwarebytes Corporation)
R2 PEDRV; C:\WINDOWS\system32\Drivers\PEDRV.sys [23296 2000-08-03] () [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [8704 2004-12-23] (Creative Technology Ltd.) [File not signed]
R3 sigfilt; C:\WINDOWS\System32\drivers\sigfilt.sys [1350272 2005-03-25] (Creative Technology Ltd.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180736 2005-06-06] (SigmaTel, Inc.)
R2 VICHW11; C:\WINDOWS\system32\Drivers\VICHW11.sys [5200 1998-10-02] () [File not signed]
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [333620 2005-03-21] (Jungo) [File not signed]
S3 bvrp_pci; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; No ImagePath
S0 xtkc; System32\drivers\ykqe.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 17:20 - 2015-02-27 17:20 - 00024734 _____ () C:\Documents and Settings\Joe\Desktop\FRST.txt
2015-02-27 17:19 - 2015-02-27 17:20 - 00000000 ____D () C:\FRST
2015-02-27 17:18 - 2015-02-27 17:18 - 01127424 _____ (Farbar) C:\Documents and Settings\Joe\Desktop\FRST.exe
2015-02-27 17:14 - 2015-02-27 17:14 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-27 17:09 - 2015-02-27 17:16 - 00005996 _____ () C:\Documents and Settings\Joe\Desktop\Rkill.txt
2015-02-27 17:07 - 2015-02-27 17:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Joe\Desktop\rkill.exe
2015-02-25 00:52 - 2015-02-25 00:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\WINDOWS\Performance
2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft Corporation
2015-02-25 00:03 - 2015-02-25 00:03 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-02-25 00:03 - 2015-02-25 00:03 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-02-24 20:19 - 2015-02-26 19:13 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
2015-02-20 14:19 - 2015-02-24 20:02 - 00000153 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat
2015-02-12 08:10 - 2015-02-12 08:10 - 00049765 _____ (ICQ) C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe
2015-02-11 12:34 - 2015-02-11 12:34 - 00032768 _____ () C:\Documents and Settings\Joe\Application Data\Carlito's.Way.1993.720p.BrRip.x264.bitloks.YIFY.mp4
2015-02-11 01:05 - 2015-02-27 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-02-07 13:32 - 2015-02-11 07:31 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{28D73ACE-CB8D-415F-89D8-6048FCA7E5F6}
2015-02-02 21:47 - 2015-02-15 15:19 - 00000664 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 17:20 - 2006-08-08 00:02 - 00000000 ____D () C:\Documents and Settings\Joe\Local Settings\Temp
2015-02-27 17:18 - 2010-10-20 20:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-02-27 17:14 - 2013-09-03 15:23 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2015-02-27 17:14 - 2009-04-14 22:41 - 00527087 _____ () C:\WINDOWS\setupapi.log
2015-02-27 17:09 - 2010-08-26 14:01 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005UA.job
2015-02-27 17:06 - 2004-08-11 16:13 - 02067997 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-26 19:13 - 2004-08-11 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-26 19:12 - 2004-08-11 16:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-26 19:12 - 2004-08-11 16:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-26 19:11 - 2014-04-09 03:25 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-26 19:11 - 2013-04-12 16:45 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
2015-02-26 19:11 - 2012-04-24 19:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-26 19:11 - 2011-06-19 16:35 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
2015-02-26 19:11 - 2004-08-11 16:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 01:00 - 2012-05-03 08:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-24 19:59 - 2006-08-08 00:02 - 00000278 ___SH () C:\Documents and Settings\Joe\ntuser.ini
2015-02-24 19:59 - 2004-08-11 16:20 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-22 09:24 - 2010-01-30 10:27 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-19 21:27 - 2014-12-08 21:25 - 00202208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-02-19 05:09 - 2010-08-26 14:01 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005Core.job
2015-02-16 10:30 - 2011-07-09 19:16 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-02-11 07:26 - 2015-01-05 00:16 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 06:58 - 2012-10-10 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-02-11 06:55 - 2013-04-12 16:45 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
2015-02-11 06:55 - 2010-08-12 05:36 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
2015-02-11 01:06 - 2014-10-27 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2015-02-11 01:05 - 2009-11-15 14:17 - 00000000 ___HD () C:\$AVG
2015-02-11 01:04 - 2009-08-29 14:30 - 00000000 ____D () C:\Program Files\AVG
2015-02-11 00:46 - 2013-08-12 05:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 00:32 - 2010-02-27 18:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-11 00:32 - 2006-08-30 01:09 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-08 15:00 - 2014-04-09 03:25 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-05 21:00 - 2012-05-03 08:03 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 21:00 - 2011-07-14 07:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-03 10:47 - 2014-07-18 14:55 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2015-01-31 09:04 - 2006-08-29 21:19 - 00000000 ____D () C:\Documents and Settings\Joe\Application Data\Mozilla
2015-01-29 23:10 - 2014-05-24 19:25 - 00457696 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4219563000-2888109555-913751894-1005-0.dat
2015-01-29 23:10 - 2010-11-13 06:48 - 00328862 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-29 22:35 - 2014-12-30 15:18 - 00000000 ____D () C:\Program Files\Nero
2015-01-29 22:34 - 2014-12-30 15:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2015-01-29 22:34 - 2004-08-11 16:02 - 00000000 ____D () C:\WINDOWS\Cursors
2015-01-29 22:33 - 2014-12-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Nero

==================== Files in the root of some directories =======

2015-02-11 12:34 - 2015-02-11 12:34 - 0032768 _____ () C:\Documents and Settings\Joe\Application Data\Carlito's.Way.1993.720p.BrRip.x264.bitloks.YIFY.mp4
2006-08-27 21:23 - 2006-08-27 21:23 - 0003072 _____ () C:\Documents and Settings\Joe\Application Data\dvd.bmk
2015-02-12 08:10 - 2015-02-12 08:10 - 0049765 _____ (ICQ) C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe
2009-08-26 12:08 - 2009-08-26 12:08 - 0000268 ___RH () C:\Documents and Settings\Joe\Application Data\Speech Enhancer
2009-08-26 12:14 - 2009-08-26 12:14 - 0000268 ___RH () C:\Documents and Settings\Joe\Application Data\Standard
2014-10-09 21:32 - 2014-10-09 21:32 - 0893239 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\a.zip
2014-10-09 21:32 - 2014-10-09 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Documents and Settings\Joe\Local Settings\Application Data\BcsKtYcHW.dll
2015-02-02 21:47 - 2015-02-15 15:19 - 0000664 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\d3d9caps.dat
2006-08-26 02:37 - 2014-02-03 09:10 - 0082432 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-11 23:15 - 2012-08-11 23:15 - 0027520 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\dt.dat
2006-08-08 00:19 - 2006-08-08 00:19 - 0000126 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
2009-11-16 18:12 - 2013-09-18 14:15 - 0000000 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\prvlcl.dat
2015-02-20 14:19 - 2015-02-24 20:02 - 0000153 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat

Some content of TEMP:
====================
C:\Documents and Settings\Joe\Local Settings\Temp\235bacf7ee826d.exe
C:\Documents and Settings\Joe\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\Joe\Local Settings\Temp\Bootstrapper.exe
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARU.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHS.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHT.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCSY.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDAN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDEU.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperELL.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperENU.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESP.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFIN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFRA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHEB.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHRV.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHUN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperITA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperJPN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperKOR.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperLOC.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNLD.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNOR.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPLK.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTB.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTG.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperRUS.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSKY.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSLV.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSVE.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTHA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTRK.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperUKR.dll
C:\Documents and Settings\Joe\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\Joe\Local Settings\Temp\converter.exe
C:\Documents and Settings\Joe\Local Settings\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\Joe\Local Settings\Temp\Garmin.Cartography.DeviceInteraction.dll
C:\Documents and Settings\Joe\Local Settings\Temp\GarminMapUpdater.exe
C:\Documents and Settings\Joe\Local Settings\Temp\GpsImgWrapper.dll
C:\Documents and Settings\Joe\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\Joe\Local Settings\Temp\Interop.IWshRuntimeLibrary.dll
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Joe\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Joe\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\Joe\Local Settings\Temp\mfc100.dll
C:\Documents and Settings\Joe\Local Settings\Temp\msvcp100.dll
C:\Documents and Settings\Joe\Local Settings\Temp\msvcr100.dll
C:\Documents and Settings\Joe\Local Settings\Temp\MyDownloader.Core.dll
C:\Documents and Settings\Joe\Local Settings\Temp\rad1703D.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\rad6D64D.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\radA8893.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\radBF40D.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\radC7CCF.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\rnsetup0.exe
C:\Documents and Settings\Joe\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Joe\Local Settings\Temp\tmpCC9(1).exe
C:\Documents and Settings\Joe\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\Joe\Local Settings\Temp\usb_lib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by Joe at 2015-02-27 17:21:14
Running from C:\Documents and Settings\Joe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 2 (HKLM\...\{531BC138-F1F7-496B-879C-F039ECEF438D}) (Version: 2 - Adobe)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Album Cover Art Downloader 1.6.0 (HKLM\...\Album Cover Art Downloader_is1) (Version: - Sami Kyöstilä)
Andrea VoiceCenter (HKLM\...\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}) (Version: - )
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS E-Green Uninstall (HKLM\...\EGREEN) (Version: - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025672C-Dell - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AxIDE (HKLM\...\{5FABA366-B80C-11D5-983E-00A0CC379110}) (Version: 3.8.500 - Axiom Manufacturing Inc.)
BASC-2 ASSIST (HKLM\...\BASC-2 ASSIST) (Version: 1.0.0.0 - AGS Publishing)
BitTorrent (HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\BitTorrent) (Version: - BitTorrent, Inc)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
Canon MP620 series User Registration (HKLM\...\Canon MP620 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CinepPlayer 30 Update (HKLM\...\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}) (Version: - )
CodeWarrior Development Studio for HC12 V4.5 (HKLM\...\{C3CDD3EA-DEA3-493E-848C-5CA4E5502031}) (Version: 4.5 - Freescale)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CrashPlan (HKLM\...\{42E52398-5674-414E-892C-907BF65CA46E}) (Version: 3.5.3 - CrashPlan)
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
DeductionPro 2009 (HKLM\...\{97F4D62E-5AEB-4649-BABF-4712C6EF6845}) (Version: 17.04 - HRB Technology, LLC.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
E-Hammer (HKLM\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
ELIcon (Version: 1.00.0000 - Dell) Hidden
ExpressPCB (HKLM\...\{F6F61F83-DE8D-4A4E-B2CD-E3F382C79AE6}) (Version: 5.6.0 - ExpressPCB)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Games, Music, & Photos Launcher (HKLM\...\{B6884A07-0305-47AE-9969-8F26FADC17DE}) (Version: 1.00.0000 - Dell Inc.)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
GoZone iSync (HKLM\...\GoZone iSync) (Version: 2.0.1 - Virgin HealthMiles)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.194 - SurfRight B.V.)
Hotfix 2050 for SQL Server 2000 ENU (KB948110) (HKLM\...\KB948110(ENU)) (Version: 1 - Microsoft Corporation)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
Intervention Report Upgrade for BASC-2 ASSIST (HKLM\...\Intervention Report Upgrade for BASC-2 ASSIST) (Version: 1.2.0.0 - Pearson Assessments)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java 2 Runtime Environment, SE v1.4.2_08 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142080}) (Version: 1.4.2_08 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.210 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 4.0.33.15045 - LeapFrog)
LeapFrog Connect (Version: 4.0.33.15045 - LeapFrog) Hidden
LeapFrog My Pals Plugin (Version: 4.0.33.15045 - LeapFrog) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
LimeWire 4.18.8 (HKLM\...\LimeWire) (Version: 4.18.8 - Lime Wire, LLC)
LiveUpdate 2.6 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.6.14.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MATLAB Component Runtime (HKLM\...\{C059544C-3949-4BFB-9398-41232B4016D5}) (Version: 7.3 - MathWorks)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2003 with Business Contact Manager Update (HKLM\...\{BA68600E-96D9-4E92-80F2-26B9681B5A63}) (Version: 2.0.5324.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Move Media Player (HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Move Media Player) (Version: - Move Networks)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird (1.5.0.12) (HKLM\...\Mozilla Thunderbird (1.5.0.12)) (Version: 1.5.0.12 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.16600.75.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
NexDef Plug-in (HKLM\...\Autobahn) (Version: - )
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.3 - Frank Heindörfer, Philip Chinery)
PDFCreator Toolbar (HKLM\...\PDFCreator Toolbar) (Version: 3.0.0.0 - )
Photomatix Pro version 3.2.9 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.9 - HDRsoft Sarl)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.0.3 - Nikon)
PsychCorpCenter (HKLM\...\InstallShield_{CEA790EA-8282-4AD8-9883-14E86DAAC2C2}) (Version: 3.3.3 - Pearson)
PsychCorpCenter (Version: 3.3.3 - Pearson) Hidden
PsychCorpCenter-II (HKLM\...\InstallShield_{BCF3A585-39F5-4F8D-BC2B-4DAE1EA0F06F}) (Version: 1.0.14 - Pearson)
PsychCorpCenter-II (Version: 1.0.14 - Pearson) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Roxio Backup MyPC (HKLM\...\{637099FB-45FD-4BC7-9651-6FB540DBB749}) (Version: 6.0.0 - Roxio)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.5 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
ScanTools Plus Link Runtime (HKLM\...\{265F31FE-5731-424E-8B55-E2E1F17E5F3E}) (Version: 7.0 - Pearson Assessments)
ScanTools Plus Link Runtime (Version: 1.0 - Pearson NCS) Hidden
SCRABBLE (HKLM\...\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA) (Version: 09/20/2005 12:02 AM - WildTangent)
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sonic Advanced Decoder (HKLM\...\{46C73DE4-E96D-4F7C-8371-F28052183B12}) (Version: - )
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Sound Blaster Audigy ADVANCED MB Product Registration (HKLM\...\Sound Blaster Audigy ADVANCED MB Product Registration) (Version: - )
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
StarUML 5.0.2.1570 (HKLM\...\StarUML_is1) (Version: - Plastic Software, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM\...\MyPalsPlugin) (Version: - LeapFrog)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.0.3 - Nikon)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vz In Home Agent (HKLM\...\{FF0D5234-E7D8-41DA-9287-C89C3B045ADC}) (Version: 7.04.14 - Verizon)
WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{F181233F-67DF-4995-A159-EB81F2B5500B}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{A24D2799-843D-4352-8D6C-B980833E9BBD}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIAT-III Scoring Assistant (HKLM\...\InstallShield_{C28CCFC3-68E4-4066-908B-8104AEDD207F}) (Version: 2.0.01 - Pearson)
WIAT-III Scoring Assistant (Version: 2.0.01 - Pearson) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WISC-IV Scoring Assistant (HKLM\...\InstallShield_{9182A4B3-CF11-43D2-BDCA-4FE418BD35BB}) (Version: 2.0.01 - The Psychological Corporation)
WISC-IV Scoring Assistant (Version: 2.0.01 - The Psychological Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{1995BE3C-B47D-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\WINDOWS\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\WINDOWS\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{386D1283-2E62-11D1-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{46345E81-69FB-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{576B8362-B743-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5DC9C941-73E7-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\WINDOWS\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{897AE71E-350F-40CB-8AF0-0E647B5346E6}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{28D73ACE-CB8D-415F-89D8-6048FCA7E5F6}\qwave.dll ()
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{8B3F8A21-B6D9-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{9BE647A1-BC75-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\WINDOWS\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C606CB41-51CB-11D1-A053-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D1034EC1-750B-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D1034EC2-750B-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{F22F6CE5-F6CC-11D0-A052-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No F (the data entry has 3 more characters).

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 16:00 - 2010-04-10 10:51 - 00386002 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005Core.job => C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005UA.job => C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) ==============

2004-08-11 16:00 - 2014-02-05 03:55 - 00562688 _____ () C:\WINDOWS\system32\qedit.dll
2004-08-11 16:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-11 16:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-11 16:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-04-10 06:54 - 2007-04-10 06:54 - 00207608 _____ () C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
2012-11-14 23:39 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2006-09-04 23:37 - 2001-10-28 16:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-07-28 07:47 - 2005-05-19 07:54 - 01345520 _____ () C:\WINDOWS\system32\CTMBHA.DLL
2015-02-26 19:12 - 2015-02-26 19:12 - 00697884 _____ () C:\Documents and Settings\Joe\Local Settings\Temp\clclean.0001.dir.0029\~df394b.tmp
2013-04-08 18:35 - 2013-04-08 18:35 - 00013312 _____ () C:\Program Files\CrashPlan\md5.dll
2015-01-14 07:18 - 2015-01-14 07:18 - 00197120 _____ () C:\Program Files\CrashPlan\cpnative.dll
2013-02-18 21:49 - 2013-02-18 21:49 - 00968880 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk => C:\WINDOWS\pss\Service Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Joe^Start Menu^Programs^Startup^NexDef Plug-in.lnk => C:\WINDOWS\pss\NexDef Plug-in.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\WINDOWS\pss\Nikon Monitor.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aim6 =>
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATIPTA => "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: DLA => C:\WINDOWS\System32\DLA\DLACTRLW.EXE
MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => "c:\dell\E-Center\gtb.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
MSCONFIG\startupreg: ISUSPM Startup => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SetDefaultMIDI => MIDIDef.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: VoiceCenter => "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

==================== Accounts: =============================

Administrator (S-1-5-21-4219563000-2888109555-913751894-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-4219563000-2888109555-913751894-1007 - Limited - Enabled)
Guest (S-1-5-21-4219563000-2888109555-913751894-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-4219563000-2888109555-913751894-1004 - Limited - Disabled)
Joe (S-1-5-21-4219563000-2888109555-913751894-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Joe
SUPPORT_388945a0 (S-1-5-21-4219563000-2888109555-913751894-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 05:00:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78112313

Error: (02/27/2015 05:00:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 78112313

Error: (02/27/2015 05:00:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/24/2015 11:05:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6903859

Error: (02/24/2015 11:05:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6903859

Error: (02/24/2015 11:05:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/24/2015 11:05:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6888469

Error: (02/24/2015 11:05:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6888469

Error: (02/24/2015 11:05:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/24/2015 09:10:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AggregateException
Stack:
at System.Threading.Tasks.TaskExceptionHolder.Finalize()


System errors:
=============
Error: (02/27/2015 05:17:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:17:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:16:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:16:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:16:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:16:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:16:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:16:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:15:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (02/27/2015 05:15:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 2046.07 MB
Available physical RAM: 1024.75 MB
Total Pagefile: 3937.75 MB
Available Pagefile: 2674.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:108.57 GB) (Free:69.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Local Disk 2) (Fixed) (Total:37.05 GB) (Free:36.95 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:812.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Thanks for the logs, continue as follows:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file. You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update.



8. When the update completes select Next.



9. In the following window ensure "Targets" are ticked. Then select "Scan".



10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.



11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:



13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (date and time of scan will also be shown)

Thanks,

Kevin...
 


jtsj1

Thread Starter
Joined
Feb 24, 2015
Messages
6
Thanks, that seems to have done the trick. Everything seems back to normal now -- AVG is running, and the excessive slowness has gone away. Internet access, Windows Update and Windows Firewall are all operating normally.



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 2145456128, free: 1187418112

Downloaded database version: v2015.02.27.08
Downloaded database version: v2015.02.25.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
02/27/2015 19:51:50
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.02.27.08
rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a7c3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7bb908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7c3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7a3030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 112392

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 112455 Numsec = 227689245
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 227801700 Numsec = 77690340

Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 305492040 Numsec = 6988275

Disk Size: 159996968960 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8975eab8, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89d277a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8975eab8, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff897d34f0, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23F15

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953456128

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000170586112 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8965f030, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff897d8728, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8965f030, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89622c40, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff89660c10, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "c:\documents and settings\all users\application data\avg2015\chjw\4e1aea7b1aea6007.dat:135d0834-34fd-4e2e-9ff9-ae58c7b55d0b" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\4e1aea7b1aea6007.dat:d03d3c2d-9928-4401-ae51-887a72415f63" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\9c206d0a206ceca8.dat:b2914d43-13f8-423c-8afa-833844a22974" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\b0241ff7241fbef2.dat:097e5c69-89dc-4861-82c3-cb4ff3383378" is sparse (flags = 32768)
Infected: C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-112455-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 2145456128, free: 929271808

Downloaded database version: v2015.02.28.01
Initializing...
======================
------------ Kernel report ------------
02/27/2015 22:21:11
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.02.28.01
rootkit: v2015.02.25.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a7d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7aa908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7c2030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 112392

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 112455 Numsec = 227689245
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 227801700 Numsec = 77690340

Partition 3 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 305492040 Numsec = 6988275

Disk Size: 159996968960 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff89719030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8952a020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89719030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff899e9a30, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23F15

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953456128

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000170586112 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff89a112d8, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89670020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89a112d8, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89680d38, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
DevicePointer: 0xffffffff898449c0, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "c:\documents and settings\all users\application data\avg2015\chjw\4e1aea7b1aea6007.dat:c276c343-3403-4f25-97c6-667463d20b3d" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\9c206d0a206ceca8.dat:b2914d43-13f8-423c-8afa-833844a22974" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\b0241ff7241fbef2.dat:097e5c69-89dc-4861-82c3-cb4ff3383378" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-112455-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished



Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.27.08
rootkit: v2015.02.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joe :: DESKTOP [administrator]

2/27/2015 7:52:42 PM
mbar-log-2015-02-27 (19-52-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 419956
Time elapsed: 36 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat (Trojan.Agent) -> Delete on reboot. [bdb7e0437416ed4925a5507a966d5ca4]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.28.01
rootkit: v2015.02.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joe :: DESKTOP [administrator]

2/27/2015 10:22:03 PM
mbar-log-2015-02-27 (22-22-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 419896
Time elapsed: 28 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Can I see the log from the FRST fix? It will have been saved to the same folder as FRST.exe. Also run the following:

Download Security Check by screen317 from either of the following:

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.
Ensure you get the correct version for your system:
32 Bit version:
https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right-click on the tool and select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Next,

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC, then try again...

Let me see those logs,

Kevin...
 

jtsj1

Thread Starter
Joined
Feb 24, 2015
Messages
6
Sorry about that, here are the logs from FRST Fix, as well as MSRT and Security Check:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by Joe at 2015-02-27 19:15:53 Run:1
Running from C:\Documents and Settings\Joe\Desktop
Loaded Profiles: Joe (Available profiles: Joe & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ( ())
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [jnmitra] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll",jnmitra
C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [kidrahb] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll",kidrahb
C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\MountPoints2: {fbeb716b-5787-11de-bd8f-001372e23ff8} - F:\LaunchU3.exe
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S3 bvrp_pci; No ImagePath
S3 VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; No ImagePath
S0 xtkc; System32\drivers\ykqe.sys [X]
C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe
C:\Documents and Settings\Joe\Local Settings\Temp\235bacf7ee826d.exe
C:\Documents and Settings\Joe\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\Joe\Local Settings\Temp\Bootstrapper.exe
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARU.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHS.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHT.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCSY.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDAN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDEU.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperELL.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperENU.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESP.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFIN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFRA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHEB.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHRV.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHUN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperITA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperJPN.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperKOR.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperLOC.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNLD.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNOR.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPLK.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTB.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTG.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperRUS.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSKY.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSLV.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSVE.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTHA.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTRK.dll
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperUKR.dll
C:\Documents and Settings\Joe\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\Joe\Local Settings\Temp\converter.exe
C:\Documents and Settings\Joe\Local Settings\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\Joe\Local Settings\Temp\Garmin.Cartography.DeviceInteraction.dll
C:\Documents and Settings\Joe\Local Settings\Temp\GarminMapUpdater.exe
C:\Documents and Settings\Joe\Local Settings\Temp\GpsImgWrapper.dll
C:\Documents and Settings\Joe\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\Joe\Local Settings\Temp\Interop.IWshRuntimeLibrary.dll
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Joe\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Joe\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\Joe\Local Settings\Temp\mfc100.dll
C:\Documents and Settings\Joe\Local Settings\Temp\msvcp100.dll
C:\Documents and Settings\Joe\Local Settings\Temp\msvcr100.dll
C:\Documents and Settings\Joe\Local Settings\Temp\MyDownloader.Core.dll
C:\Documents and Settings\Joe\Local Settings\Temp\rad1703D.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\rad6D64D.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\radA8893.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\radBF40D.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\radC7CCF.tmp.exe
C:\Documents and Settings\Joe\Local Settings\Temp\rnsetup0.exe
C:\Documents and Settings\Joe\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Joe\Local Settings\Temp\tmpCC9(1).exe
C:\Documents and Settings\Joe\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\Joe\Local Settings\Temp\usb_lib.dll
EmptyTemp:
end



*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\{adf164a7-59bb-e7d8-5562-7f518844447e} => value deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe => Moved successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{adf164a7-59bb-e7d8-5562-7f518844447e} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Windows\CurrentVersion\Run\\jnmitra => value deleted successfully.
"C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll" => File/Directory not found.
HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Windows\CurrentVersion\Run\\kidrahb => value deleted successfully.
"C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll" => File/Directory not found.
"HKU\S-1-5-21-4219563000-2888109555-913751894-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbeb716b-5787-11de-bd8f-001372e23ff8}" => Key deleted successfully.
HKCR\CLSID\{fbeb716b-5787-11de-bd8f-001372e23ff8} => Key not found.
C:\Program Files\mozilla firefox\plugins\npbittorrent.dll => Moved successfully.
C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll => Moved successfully.
C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll => Moved successfully.
bvrp_pci => Service deleted successfully.
VPROEVENTMONITOR => Service deleted successfully.
wanatw => Service deleted successfully.
WS2IFSL => Service deleted successfully.
xtkc => Service deleted successfully.
C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\235bacf7ee826d.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\avguidx.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\Bootstrapper.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARA.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARU.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHS.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHT.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCSY.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDAN.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDEU.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperELL.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperENU.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESN.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESP.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFIN.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFRA.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHEB.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHRV.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHUN.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperITA.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperJPN.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperKOR.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperLOC.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNLD.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNOR.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPLK.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTB.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTG.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperRUS.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSKY.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSLV.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSVE.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTHA.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTRK.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperUKR.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\CommonInstaller.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\converter.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\dotNetFx40_Client_setup.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\Garmin.Cartography.DeviceInteraction.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\GarminMapUpdater.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\GpsImgWrapper.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\iGearedHelper.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\lowproc.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\MachineIdCreator.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\mfc100.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\msvcp100.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\msvcr100.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\MyDownloader.Core.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\rad1703D.tmp.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\rad6D64D.tmp.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\radA8893.tmp.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\radBF40D.tmp.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\radC7CCF.tmp.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\rnsetup0.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\stubhelper.dll => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\tmpCC9(1).exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Documents and Settings\Joe\Local Settings\Temp\usb_lib.dll => Moved successfully.
EmptyTemp: => Removed 4.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:22:25 ====




---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
Started On Wed Aug 30 02:09:10 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 30 02:09:27 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.20, September 2006
Started On Wed Sep 13 18:10:33 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 18:10:47 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
Started On Sat Oct 14 04:01:14 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 14 04:01:30 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
Started On Sat Nov 18 01:58:35 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 18 01:58:52 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Wed Dec 13 02:33:43 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 13 02:33:58 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Sat Jan 13 05:07:48 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 13 05:08:00 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Sun Jan 14 22:28:11 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 14 22:28:29 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
Started On Thu Feb 15 04:02:06 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 15 04:02:21 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Fri Mar 16 04:02:18 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 16 04:02:39 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
Started On Fri Apr 13 04:01:33 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 13 04:01:53 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Tue May 08 19:32:13 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 08 19:33:11 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Wed Jun 13 19:52:33 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 19:53:31 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
Started On Thu Jul 12 18:18:27 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 12 18:19:30 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
Started On Wed Aug 15 04:01:48 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 04:02:39 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
Started On Tue Sep 11 23:11:43 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 11 23:12:38 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Wed Oct 10 04:01:40 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 04:02:42 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
Started On Wed Nov 14 04:00:40 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 04:01:43 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Thu Dec 13 04:02:16 2007
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 13 04:03:22 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Wed Jan 09 04:00:55 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 04:02:00 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Sat Feb 16 11:11:17 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 16 11:12:20 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Thu Mar 13 04:01:26 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 13 04:02:43 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Wed Apr 09 04:00:56 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 04:02:15 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
Started On Fri May 16 20:02:45 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 16 20:03:46 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
Started On Wed Jun 11 04:01:36 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 04:02:44 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
Started On Thu Jul 10 21:46:58 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 21:48:02 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
Started On Wed Aug 13 04:04:36 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 04:05:39 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Wed Sep 10 04:04:04 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 04:05:15 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Wed Oct 15 04:01:09 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 04:02:28 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Thu Nov 13 04:03:50 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 04:05:13 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Fri Dec 12 04:02:44 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 12 04:04:25 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Wed Jan 14 04:00:27 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 04:01:58 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.7, February 2009
Started On Wed Feb 11 18:14:19 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 18:15:55 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Sun Mar 15 04:00:20 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 15 04:01:48 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
Started On Tue Apr 14 21:13:03 2009
Security policy adjusted. Engine requests reboot and try again, ignoring.->Scan ERROR: resource process://pid:2580 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:3136 (code 0x00000057 (87))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 21:14:45 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Thu May 14 04:00:30 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:02:04 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Thu Jun 11 04:02:11 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 11 04:03:56 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Thu Jun 25 23:29:23 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 25 23:31:18 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
Started On Wed Jul 15 04:00:42 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 15 04:02:27 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.13, August 2009
Started On Wed Aug 12 23:13:25 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 12 23:15:09 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Tue Sep 08 17:08:58 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 08 17:11:29 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.0, October 2009
Started On Thu Oct 15 04:04:25 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 15 04:06:41 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.1, November 2009
Started On Wed Nov 11 20:50:42 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 11 20:53:15 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.2, December 2009
Started On Thu Dec 10 04:00:29 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 10 04:02:51 2009


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.3, January 2010
Started On Wed Jan 13 04:00:25 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 13 04:02:48 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.4, February 2010
Started On Thu Feb 11 09:01:57 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 11 09:04:17 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.5, March 2010
Started On Tue Mar 09 22:09:05 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 09 22:11:20 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.6, April 2010
Started On Thu Apr 15 00:01:20 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 15 00:03:39 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
Started On Tue May 18 04:01:37 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 18 04:03:55 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
Started On Tue Jun 08 21:17:38 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 08 21:19:58 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
Started On Wed Jul 14 04:02:25 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 14 04:04:47 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
Started On Thu Aug 12 04:01:51 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.-> Sysclean ERROR: Internal error, code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 12 04:04:17 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.11, September 2010
Started On Thu Sep 16 04:01:40 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 16 04:04:16 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Wed Oct 13 21:04:18 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 13 21:08:22 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.13, November 2010
Started On Tue Nov 09 18:01:34 2010
->Scan ERROR: resource process://pid:3336 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5828 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1516 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5828 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1516 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 09 18:04:31 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.14, December 2010
Started On Wed Dec 15 08:13:20 2010
->Scan ERROR: resource process://pid:516 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2664 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4068 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2664 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:516 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 15 08:16:10 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.15, January 2011
Started On Tue Jan 11 19:00:35 2011
->Scan ERROR: resource process://pid:512 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2888 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:424 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2888 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:512 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 11 19:04:00 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.16, February 2011
Started On Wed Feb 09 18:39:23 2011
->Scan ERROR: resource process://pid:556 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2532 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3928 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5916 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:2532 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:556 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 09 18:42:30 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.17, March 2011
Started On Wed Mar 09 20:39:27 2011
->Scan ERROR: resource process://pid:536 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3236 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4044 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3236 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:536 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 09 20:41:51 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.18, April 2011
Started On Fri Apr 15 00:03:12 2011
->Scan ERROR: resource process://pid:9684 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:9852 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:856 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:11272 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:856 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:9852 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 15 00:05:49 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.18, April 2011
Started On Thu Apr 28 04:00:32 2011
->Scan ERROR: resource process://pid:548 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3416 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1436 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3416 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:548 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 28 04:03:05 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.19, May 2011
Started On Wed May 11 04:01:45 2011
->Scan ERROR: resource process://pid:712 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2880 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3960 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2880 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:712 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 11 04:04:18 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.20, June 2011
Started On Thu Jun 16 04:06:27 2011
->Scan ERROR: resource process://pid:760 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2780 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3172 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3172 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:760 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 16 04:08:52 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.21, July 2011
Started On Thu Jul 14 04:02:02 2011
->Scan ERROR: resource process://pid:10232 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6300 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4312 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:10232 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6300 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 14 04:04:43 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.22, August 2011
Started On Wed Aug 10 15:20:17 2011
->Scan ERROR: resource process://pid:9336 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:11288 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:11876 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6612 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:9336 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:11288 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 10 15:23:32 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011
Started On Fri Sep 16 04:03:15 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 16 04:06:18 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011
Started On Wed Sep 28 20:50:58 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 28 20:54:37 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.1, October 2011
Started On Wed Oct 12 19:27:05 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 12 19:30:06 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.2, November 2011
Started On Wed Nov 09 04:00:31 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 09 04:03:25 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.3, December 2011
Started On Thu Dec 15 04:04:32 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 15 04:07:21 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.4, January 2012
Started On Thu Jan 12 04:02:07 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 12 04:05:04 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.5, February 2012
Started On Thu Feb 16 01:40:18 2012
->Scan ERROR: resource process://pid:11160 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 16 01:43:37 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.6, March 2012
Started On Thu Mar 15 04:01:53 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 04:04:54 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.7, April 2012
Started On Wed Apr 11 23:41:14 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 11 23:43:54 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
Started On Sat May 12 04:16:48 2012
->Scan ERROR: resource process://pid:3848 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 12 04:20:24 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
Started On Thu Jun 14 04:09:15 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 14 04:13:23 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
Started On Wed Jul 11 04:02:38 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 04:06:27 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
Started On Wed Aug 15 23:24:36 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 23:28:15 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Wed Sep 12 23:31:31 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 23:34:38 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
Started On Wed Oct 10 04:03:51 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 04:06:49 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
Started On Tue Nov 13 17:32:45 2012
->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:248 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2040 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2228 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3956 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6444 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:248 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 13 17:36:10 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Wed Dec 12 04:01:47 2012
->Scan ERROR: resource process://pid:8900 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7848 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4792 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2888 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1912 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1760 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4164 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8900 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7848 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 04:05:07 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 04:01:39 2013
->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:696 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:240 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:300 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1020 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1948 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3624 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:240 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:300 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 04:04:47 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Wed Feb 13 04:18:37 2013
->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:696 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:272 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:360 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1940 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1952 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3788 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:272 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:360 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 04:22:26 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Thu Mar 14 04:06:31 2013
->Scan ERROR: resource process://pid:7656 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7868 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7556 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4984 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6920 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7852 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7656 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7868 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 04:10:16 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 04:01:44 2013
->Scan ERROR: resource process://pid:4532 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4692 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4860 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3824 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5028 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4972 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3952 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4532 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4692 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 04:05:55 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Wed May 15 00:58:27 2013
->Scan ERROR: resource process://pid:664 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:704 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:236 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:348 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:592 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:772 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3280 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4056 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:2644 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:236 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:348 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 15 01:04:11 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Wed Jun 12 04:01:31 2013
->Scan ERROR: resource process://pid:8408 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4472 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:9500 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3104 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8736 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6536 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7816 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8408 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4472 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 04:05:44 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Sat Jul 13 07:29:27 2013
->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:696 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:368 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1808 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1996 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3504 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:368 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Jul 13 07:33:26 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Mon Aug 12 06:55:20 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 12 07:00:19 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Sat Aug 24 23:53:31 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 24 23:57:22 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Fri Sep 13 18:01:55 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 13 18:05:34 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Thu Oct 10 04:15:30 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 10 04:19:59 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Fri Nov 22 21:48:37 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 22 21:52:35 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Wed Dec 11 21:21:49 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 11 21:26:15 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 04:01:29 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 04:04:30 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Wed Feb 12 04:08:07 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 12 04:11:34 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Tue Mar 18 04:00:45 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 18 04:04:23 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Wed Apr 09 04:02:22 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 04:06:27 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Thu May 15 04:04:49 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 04:09:14 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Thu Jun 12 07:37:42 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 07:43:42 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Wed Jul 09 00:02:35 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 00:06:50 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Wed Aug 13 08:48:42 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 08:54:01 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Wed Sep 10 04:00:57 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 04:06:47 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Thu Oct 16 16:49:43 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 17:01:11 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Thu Nov 13 17:24:00 2014

Engine: 1.1.11104.0
Signatures: 1.187.1116.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 17:29:33 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Thu Dec 11 21:43:20 2014

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 21:48:51 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Wed Jan 14 08:03:26 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 08:11:18 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
Started On Wed Feb 11 00:33:10 2015

Engine: 1.1.11302.0
Signatures: 1.191.3593.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 00:46:51 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
Started On Sat Feb 28 06:58:47 2015

Engine: 1.1.11302.0
Signatures: 1.191.3593.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 28 07:41:20 2015


Return code: 0 (0x0)



Results of screen317's Security Check version 0.99.97
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Java(TM) 6 Update 21
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_08
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (36.0)
Mozilla Thunderbird (1.5.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Java is outdated, also there are several old versions showing as installed. All old versions need to be removed....

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

If no remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

If no issues remain hit the "Mark Solved" tab at the top of the thread....

Thank you,

Kevin.....
 

jtsj1

Thread Starter
Joined
Feb 24, 2015
Messages
6
I downloaded the latest Java and removed all old versions, and ran DelFix. Everything is running smoothly now.

Thanks very much for your help!
 