
Software Restriction Policy Has Disabled AVG

Discussion in 'Virus & Other Malware Removal' started by jtsj1, Feb 24, 2015.

Thread Status:
Not open for further replies.
  1. jtsj1

    jtsj1 Thread Starter

    Joined:
    Feb 24, 2015
    Messages:
    6
    In the past few days AVG has stopped working on my computer and does not show in the System Tray, and my system has been sluggish in general. When I try to launch AVG I get an error message:

    "C:\Program Files\AVG\AVG2015\avgui.exe - Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator."

    I tried repairing my AVG installation, then a full uninstall/reinstall, but still got the same error. Also tried running Malwarebytes with no luck. Please help!


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz, x86 Family 15 Model 6 Stepping 4
    Processor Count: 2
    RAM: 2046 Mb
    Graphics Card: RADEON X600 256MB HyperMemory, 256 Mb
    Hard Drives: C: Total - 111176 MB, Free - 71387 MB; D: Total - 37934 MB, Free - 37835 MB; G: Total - 953835 MB, Free - 832073 MB;
    Motherboard: Dell Inc., 0HJ054
    Antivirus: AVG AntiVirus Free Edition 2015, Updated: Yes, On-Demand Scanner: Enabled
     
  2. jtsj1

    jtsj1 Thread Starter

    Joined:
    Feb 24, 2015
    Messages:
    6
    bump
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome to TSG,

    Use the instructions in the following link to show hidden files:

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

    Next,

    Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

    There are three buttons to choose from, each with a different name. Select the first one and save it to your desktop.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. If you scroll down the page you will find further links with other names; try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.

    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    Thanks,

    Kevin..
     
  4. jtsj1

    jtsj1 Thread Starter

    Joined:
    Feb 24, 2015
    Messages:
    6
    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/27/2015 05:09:17 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * C:\WINDOWS\stsystra.exe (PID: 592) [WD-HEUR]
    * C:\DOCUME~1\Joe\LOCALS~1\Temp\clclean.0001 (PID: 240) [SUP-HEUR]
    * C:\DOCUME~1\Joe\LOCALS~1\Temp\clclean.0001 (PID: 240) [T-HEUR]
    * C:\WINDOWS\system32\CTsvcCDA.exe (PID: 1312) [WD-HEUR]

    4 proccesses terminated!

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * System Restore Disabled

    [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableConfig" = dword:00000001

    * System Restore Disabled

    [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = dword:00000001

    * System Restore Disabled

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = dword:00000001

    * Reparse Point/Junctions Found (Most likely legitimate)!

    * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
    * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

    Checking Windows Service Integrity:

    * System Restore Service (srservice) is not Running.
    Startup Type set to: Automatic

    * System Restore Filter Driver (sr) is not Running.
    Startup Type set to: Disabled

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    20 out of 13338 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 02/27/2015 05:16:19 PM
    Execution time: 0 hours(s), 7 minute(s), and 1 seconds(s)



    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
    Ran by Joe (administrator) on DESKTOP on 27-02-2015 17:20:03
    Running from C:\Documents and Settings\Joe\Desktop
    Loaded Profiles: Joe (Available profiles: Joe & Administrator & Guest)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
    (Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    (Macrovision Corporation) C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
    (Virgin HealthMiles Inc.) C:\Program Files\GoZone\GoZone_iSync.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
    HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344 2005-09-15] (Creative Technology Ltd)
    HKLM\...\Run: [MBMon] => Rundll32 CTMBHA.DLL,MBMon
    HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe
    HKLM\...\Run: [vProt] => "C:\Program Files\AVG Secure Search\vprot.exe"
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ()
    HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM\...\Policies\Explorer\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ( ())
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [Google Update] => C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [jnmitra] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll",jnmitra
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [kidrahb] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll",kidrahb
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\MountPoints2: {fbeb716b-5787-11de-bd8f-001372e23ff8} - F:\LaunchU3.exe
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
    ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
    Startup: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\GoZone iSync.lnk
    ShortcutTarget: GoZone iSync.lnk -> C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
    BootExecute: autocheck autochk * lsdeleteC:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    BHO: No Name -> {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} -> No File
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
    BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
    BHO: PDFCreator Toolbar Helper -> {C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll ()
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll (Dell Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-4219563000-2888109555-913751894-1005 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jjy10itr.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxp://www.cnn.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Joe\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Joe\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-4219563000-2888109555-913751894-1005: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\Joe\APPLIC~1\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npsnapfish.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Joe\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Joe\Application Data\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Garmin Communicator - C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jjy10itr.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-18]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-01]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-17]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Joe\Application Data\Move Networks
    FF Extension: Move Media Player - C:\Documents and Settings\Joe\Application Data\Move Networks [2008-12-03]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
    CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-09-20] (Lavasoft)
    S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2013-04-08] (CrashPlan) [File not signed]
    R3 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2006-07-28] (Creative Labs) [File not signed]
    S2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
    R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-06-17] (Intel Corporation) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-17] (Sun Microsystems, Inc.)
    R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
    S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG)
    S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
    S3 Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [64248 2006-12-11] (Sonic Solutions)
    S2 Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [301816 2006-12-11] (Sonic Solutions)
    R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
    S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
    R2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
    R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [202208 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
    R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
    R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [26044 2006-09-21] (Sonic Solutions) [File not signed]
    R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2006-03-17] (Sonic Solutions) [File not signed]
    R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-09-21] (Sonic Solutions) [File not signed]
    R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [87004 2006-09-21] (Sonic Solutions) [File not signed]
    R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [15068 2006-09-21] (Sonic Solutions) [File not signed]
    R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-09-21] (Sonic Solutions) [File not signed]
    R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2006-03-17] (Sonic Solutions) [File not signed]
    R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94460 2006-09-21] (Sonic Solutions) [File not signed]
    R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [88476 2006-09-21] (Sonic Solutions) [File not signed]
    R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89456 2006-08-18] (Sonic Solutions) [File not signed]
    R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2006-03-17] (Sonic Solutions) [File not signed]
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R2 GIVEIO; C:\WINDOWS\system32\Drivers\GIVEIO.sys [5248 1996-04-04] () [File not signed]
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-11] (Malwarebytes Corporation)
    R2 PEDRV; C:\WINDOWS\system32\Drivers\PEDRV.sys [23296 2000-08-03] () [File not signed]
    R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [8704 2004-12-23] (Creative Technology Ltd.) [File not signed]
    R3 sigfilt; C:\WINDOWS\System32\drivers\sigfilt.sys [1350272 2005-03-25] (Creative Technology Ltd.)
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180736 2005-06-06] (SigmaTel, Inc.)
    R2 VICHW11; C:\WINDOWS\system32\Drivers\VICHW11.sys [5200 1998-10-02] () [File not signed]
    R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [333620 2005-03-21] (Jungo) [File not signed]
    S3 bvrp_pci; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys [X]
    S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    U1 WS2IFSL; No ImagePath
    S0 xtkc; System32\drivers\ykqe.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 17:20 - 2015-02-27 17:20 - 00024734 _____ () C:\Documents and Settings\Joe\Desktop\FRST.txt
    2015-02-27 17:19 - 2015-02-27 17:20 - 00000000 ____D () C:\FRST
    2015-02-27 17:18 - 2015-02-27 17:18 - 01127424 _____ (Farbar) C:\Documents and Settings\Joe\Desktop\FRST.exe
    2015-02-27 17:14 - 2015-02-27 17:14 - 00000000 ____D () C:\WINDOWS\LastGood
    2015-02-27 17:09 - 2015-02-27 17:16 - 00005996 _____ () C:\Documents and Settings\Joe\Desktop\Rkill.txt
    2015-02-27 17:07 - 2015-02-27 17:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Joe\Desktop\rkill.exe
    2015-02-25 00:52 - 2015-02-25 00:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\WINDOWS\Performance
    2015-02-25 00:04 - 2015-02-25 00:04 - 00000000 ____D () C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft Corporation
    2015-02-25 00:03 - 2015-02-25 00:03 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    2015-02-25 00:03 - 2015-02-25 00:03 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    2015-02-24 20:19 - 2015-02-26 19:13 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
    2015-02-20 14:19 - 2015-02-24 20:02 - 00000153 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat
    2015-02-12 08:10 - 2015-02-12 08:10 - 00049765 _____ (ICQ) C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe
    2015-02-11 12:34 - 2015-02-11 12:34 - 00032768 _____ () C:\Documents and Settings\Joe\Application Data\Carlito's.Way.1993.720p.BrRip.x264.bitloks.YIFY.mp4
    2015-02-11 01:05 - 2015-02-27 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2015-02-07 13:32 - 2015-02-11 07:31 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{28D73ACE-CB8D-415F-89D8-6048FCA7E5F6}
    2015-02-02 21:47 - 2015-02-15 15:19 - 00000664 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\d3d9caps.dat

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 17:20 - 2006-08-08 00:02 - 00000000 ____D () C:\Documents and Settings\Joe\Local Settings\Temp
    2015-02-27 17:18 - 2010-10-20 20:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2015-02-27 17:14 - 2013-09-03 15:23 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
    2015-02-27 17:14 - 2009-04-14 22:41 - 00527087 _____ () C:\WINDOWS\setupapi.log
    2015-02-27 17:09 - 2010-08-26 14:01 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005UA.job
    2015-02-27 17:06 - 2004-08-11 16:13 - 02067997 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-02-26 19:13 - 2004-08-11 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-02-26 19:12 - 2004-08-11 16:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-02-26 19:12 - 2004-08-11 16:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-02-26 19:11 - 2014-04-09 03:25 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-02-26 19:11 - 2013-04-12 16:45 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
    2015-02-26 19:11 - 2012-04-24 19:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-26 19:11 - 2011-06-19 16:35 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
    2015-02-26 19:11 - 2004-08-11 16:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-02-25 01:00 - 2012-05-03 08:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-02-24 19:59 - 2006-08-08 00:02 - 00000278 ___SH () C:\Documents and Settings\Joe\ntuser.ini
    2015-02-24 19:59 - 2004-08-11 16:20 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-02-22 09:24 - 2010-01-30 10:27 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2015-02-19 21:27 - 2014-12-08 21:25 - 00202208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
    2015-02-19 05:09 - 2010-08-26 14:01 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005Core.job
    2015-02-16 10:30 - 2011-07-09 19:16 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-02-11 07:26 - 2015-01-05 00:16 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-02-11 06:58 - 2012-10-10 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
    2015-02-11 06:55 - 2013-04-12 16:45 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
    2015-02-11 06:55 - 2010-08-12 05:36 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job
    2015-02-11 01:06 - 2014-10-27 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2015-02-11 01:05 - 2009-11-15 14:17 - 00000000 ___HD () C:\$AVG
    2015-02-11 01:04 - 2009-08-29 14:30 - 00000000 ____D () C:\Program Files\AVG
    2015-02-11 00:46 - 2013-08-12 05:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-02-11 00:32 - 2010-02-27 18:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2015-02-11 00:32 - 2006-08-30 01:09 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-02-08 15:00 - 2014-04-09 03:25 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-02-05 21:00 - 2012-05-03 08:03 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-02-05 21:00 - 2011-07-14 07:39 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-02-03 10:47 - 2014-07-18 14:55 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
    2015-01-31 09:04 - 2006-08-29 21:19 - 00000000 ____D () C:\Documents and Settings\Joe\Application Data\Mozilla
    2015-01-29 23:10 - 2014-05-24 19:25 - 00457696 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4219563000-2888109555-913751894-1005-0.dat
    2015-01-29 23:10 - 2010-11-13 06:48 - 00328862 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-01-29 22:35 - 2014-12-30 15:18 - 00000000 ____D () C:\Program Files\Nero
    2015-01-29 22:34 - 2014-12-30 15:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Nero
    2015-01-29 22:34 - 2004-08-11 16:02 - 00000000 ____D () C:\WINDOWS\Cursors
    2015-01-29 22:33 - 2014-12-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Nero

    ==================== Files in the root of some directories =======

    2015-02-11 12:34 - 2015-02-11 12:34 - 0032768 _____ () C:\Documents and Settings\Joe\Application Data\Carlito's.Way.1993.720p.BrRip.x264.bitloks.YIFY.mp4
    2006-08-27 21:23 - 2006-08-27 21:23 - 0003072 _____ () C:\Documents and Settings\Joe\Application Data\dvd.bmk
    2015-02-12 08:10 - 2015-02-12 08:10 - 0049765 _____ (ICQ) C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe
    2009-08-26 12:08 - 2009-08-26 12:08 - 0000268 ___RH () C:\Documents and Settings\Joe\Application Data\Speech Enhancer
    2009-08-26 12:14 - 2009-08-26 12:14 - 0000268 ___RH () C:\Documents and Settings\Joe\Application Data\Standard
    2014-10-09 21:32 - 2014-10-09 21:32 - 0893239 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\a.zip
    2014-10-09 21:32 - 2014-10-09 21:32 - 2162416 _____ (Catalina Marketing Corp) C:\Documents and Settings\Joe\Local Settings\Application Data\BcsKtYcHW.dll
    2015-02-02 21:47 - 2015-02-15 15:19 - 0000664 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\d3d9caps.dat
    2006-08-26 02:37 - 2014-02-03 09:10 - 0082432 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-11 23:15 - 2012-08-11 23:15 - 0027520 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\dt.dat
    2006-08-08 00:19 - 2006-08-08 00:19 - 0000126 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
    2009-11-16 18:12 - 2013-09-18 14:15 - 0000000 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\prvlcl.dat
    2015-02-20 14:19 - 2015-02-24 20:02 - 0000153 _____ () C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Joe\Local Settings\Temp\235bacf7ee826d.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\avguidx.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\Bootstrapper.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARU.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHS.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHT.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCSY.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDAN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDEU.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperELL.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperENU.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESP.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFIN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFRA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHEB.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHRV.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHUN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperITA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperJPN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperKOR.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperLOC.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNLD.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNOR.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPLK.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTB.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTG.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperRUS.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSKY.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSLV.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSVE.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTHA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTRK.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperUKR.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\CommonInstaller.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\converter.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\dotNetFx40_Client_setup.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\Garmin.Cartography.DeviceInteraction.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\GarminMapUpdater.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\GpsImgWrapper.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\iGearedHelper.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\Interop.IWshRuntimeLibrary.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\lowproc.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\MachineIdCreator.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\mfc100.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\msvcp100.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\msvcr100.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\MyDownloader.Core.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\rad1703D.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\rad6D64D.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\radA8893.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\radBF40D.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\radC7CCF.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\rnsetup0.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\stubhelper.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\tmpCC9(1).exe
    C:\Documents and Settings\Joe\Local Settings\Temp\ToolbarInstaller.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\usb_lib.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
    Ran by Joe at 2015-02-27 17:21:14
    Running from C:\Documents and Settings\Joe\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
    Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 2 (HKLM\...\{531BC138-F1F7-496B-879C-F039ECEF438D}) (Version: 2 - Adobe)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Album Cover Art Downloader 1.6.0 (HKLM\...\Album Cover Art Downloader_is1) (Version: - Sami Kyöstilä)
    Andrea VoiceCenter (HKLM\...\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}) (Version: - )
    AOLIcon (Version: 1.00.0000 - Dell) Hidden
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS E-Green Uninstall (HKLM\...\EGREEN) (Version: - )
    ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
    ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025672C-Dell - )
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.5.0 - Auslogics Labs Pty Ltd)
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
    AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
    AxIDE (HKLM\...\{5FABA366-B80C-11D5-983E-00A0CC379110}) (Version: 3.8.500 - Axiom Manufacturing Inc.)
    BASC-2 ASSIST (HKLM\...\BASC-2 ASSIST) (Version: 1.0.0.0 - AGS Publishing)
    BitTorrent (HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\BitTorrent) (Version: - BitTorrent, Inc)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
    Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
    Canon MP620 series User Registration (HKLM\...\Canon MP620 series User Registration) (Version: - )
    Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
    Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    CinepPlayer 30 Update (HKLM\...\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}) (Version: - )
    CodeWarrior Development Studio for HC12 V4.5 (HKLM\...\{C3CDD3EA-DEA3-493E-848C-5CA4E5502031}) (Version: 4.5 - Freescale)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
    CrashPlan (HKLM\...\{42E52398-5674-414E-892C-907BF65CA46E}) (Version: 3.5.3 - CrashPlan)
    Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    DeductionPro 2009 (HKLM\...\{97F4D62E-5AEB-4649-BABF-4712C6EF6845}) (Version: 17.04 - HRB Technology, LLC.)
    Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
    Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
    Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent)
    Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
    Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
    DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
    DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
    Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
    EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
    E-Hammer (HKLM\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
    ELIcon (Version: 1.00.0000 - Dell) Hidden
    ExpressPCB (HKLM\...\{F6F61F83-DE8D-4A4E-B2CD-E3F382C79AE6}) (Version: 5.6.0 - ExpressPCB)
    File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
    Games, Music, & Photos Launcher (HKLM\...\{B6884A07-0305-47AE-9969-8F26FADC17DE}) (Version: 1.00.0000 - Dell Inc.)
    Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
    Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
    GoZone iSync (HKLM\...\GoZone iSync) (Version: 2.0.1 - Virgin HealthMiles)
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.194 - SurfRight B.V.)
    Hotfix 2050 for SQL Server 2000 ENU (KB948110) (HKLM\...\KB948110(ENU)) (Version: 1 - Microsoft Corporation)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
    Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
    Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
    Intervention Report Upgrade for BASC-2 ASSIST (HKLM\...\Intervention Report Upgrade for BASC-2 ASSIST) (Version: 1.2.0.0 - Pearson Assessments)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
    Java 2 Runtime Environment, SE v1.4.2_08 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142080}) (Version: 1.4.2_08 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216019FF}) (Version: 6.0.210 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    LeapFrog Connect (HKLM\...\UPCShell) (Version: 4.0.33.15045 - LeapFrog)
    LeapFrog Connect (Version: 4.0.33.15045 - LeapFrog) Hidden
    LeapFrog My Pals Plugin (Version: 4.0.33.15045 - LeapFrog) Hidden
    Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
    LimeWire 4.18.8 (HKLM\...\LimeWire) (Version: 4.18.8 - Lime Wire, LLC)
    LiveUpdate 2.6 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.6.14.0 - Symantec Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MATLAB Component Runtime (HKLM\...\{C059544C-3949-4BFB-9398-41232B4016D5}) (Version: 7.3 - MathWorks)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
    MCU (Version: 1.00.0000 - Dell) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook 2003 with Business Contact Manager Update (HKLM\...\{BA68600E-96D9-4E92-80F2-26B9681B5A63}) (Version: 2.0.5324.0 - Microsoft Corporation)
    Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
    Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
    Move Media Player (HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Move Media Player) (Version: - Move Networks)
    Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird (1.5.0.12) (HKLM\...\Mozilla Thunderbird (1.5.0.12)) (Version: 1.5.0.12 (en-US) - Mozilla)
    MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
    Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
    Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
    Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
    Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
    Nero Kwik Media (HKLM\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.16600.75.100 - Nero AG)
    Nero Multimedia Suite 10 Essentials (HKLM\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
    Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
    NexDef Plug-in (HKLM\...\Autobahn) (Version: - )
    Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
    Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.3 - Frank Heindörfer, Philip Chinery)
    PDFCreator Toolbar (HKLM\...\PDFCreator Toolbar) (Version: 3.0.0.0 - )
    Photomatix Pro version 3.2.9 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.9 - HDRsoft Sarl)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.0.3 - Nikon)
    PsychCorpCenter (HKLM\...\InstallShield_{CEA790EA-8282-4AD8-9883-14E86DAAC2C2}) (Version: 3.3.3 - Pearson)
    PsychCorpCenter (Version: 3.3.3 - Pearson) Hidden
    PsychCorpCenter-II (HKLM\...\InstallShield_{BCF3A585-39F5-4F8D-BC2B-4DAE1EA0F06F}) (Version: 1.0.14 - Pearson)
    PsychCorpCenter-II (Version: 1.0.14 - Pearson) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
    Roxio Backup MyPC (HKLM\...\{637099FB-45FD-4BC7-9651-6FB540DBB749}) (Version: 6.0.0 - Roxio)
    Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
    Roxio Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.5 - Roxio)
    Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
    Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
    Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
    Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
    ScanTools Plus Link Runtime (HKLM\...\{265F31FE-5731-424E-8B55-E2E1F17E5F3E}) (Version: 7.0 - Pearson Assessments)
    ScanTools Plus Link Runtime (Version: 1.0 - Pearson NCS) Hidden
    SCRABBLE (HKLM\...\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA) (Version: 09/20/2005 12:02 AM - WildTangent)
    Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
    Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Sonic Advanced Decoder (HKLM\...\{46C73DE4-E96D-4F7C-8371-F28052183B12}) (Version: - )
    Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
    Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
    Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
    Sound Blaster Audigy ADVANCED MB Product Registration (HKLM\...\Sound Blaster Audigy ADVANCED MB Product Registration) (Version: - )
    Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
    StarUML 5.0.2.1570 (HKLM\...\StarUML_is1) (Version: - Plastic Software, Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM\...\MyPalsPlugin) (Version: - LeapFrog)
    VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
    ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.0.3 - Nikon)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Vz In Home Agent (HKLM\...\{FF0D5234-E7D8-41DA-9287-C89C3B045ADC}) (Version: 7.04.14 - Verizon)
    WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM\...\{F181233F-67DF-4995-A159-EB81F2B5500B}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
    WD Security (HKLM\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{A24D2799-843D-4352-8D6C-B980833E9BBD}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
    WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WIAT-III Scoring Assistant (HKLM\...\InstallShield_{C28CCFC3-68E4-4066-908B-8104AEDD207F}) (Version: 2.0.01 - Pearson)
    WIAT-III Scoring Assistant (Version: 2.0.01 - Pearson) Hidden
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0036.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WISC-IV Scoring Assistant (HKLM\...\InstallShield_{9182A4B3-CF11-43D2-BDCA-4FE418BD35BB}) (Version: 2.0.01 - The Psychological Corporation)
    WISC-IV Scoring Assistant (Version: 2.0.01 - The Psychological Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{1995BE3C-B47D-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\WINDOWS\system32\mswinsck.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\WINDOWS\system32\mswinsck.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (the data entry has 7 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{386D1283-2E62-11D1-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{46345E81-69FB-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{576B8362-B743-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{5DC9C941-73E7-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\WINDOWS\system32\tabctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{897AE71E-350F-40CB-8AF0-0E647B5346E6}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{28D73ACE-CB8D-415F-89D8-6048FCA7E5F6}\qwave.dll ()
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{8B3F8A21-B6D9-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{9BE647A1-BC75-11D0-A052-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Catalina &#8211; Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\WINDOWS\system32\tabctl32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{C606CB41-51CB-11D1-A053-444553540000}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D1034EC1-750B-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D1034EC2-750B-11D1-9481-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll No (the data entry has 4 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No F (the data entry has 3 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{F22F6CE5-F6CC-11D0-A052-00A0247B7657}\InprocServer32 -> C:\WINDOWS\system32\CommX.ocx (Greenleaf Software, Inc.)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll No (the data entry has 5 more characters).
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Joe\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    CustomCLSID: HKU\S-1-5-21-4219563000-2888109555-913751894-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No F (the data entry has 3 more characters).

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-11 16:00 - 2010-04-10 10:51 - 00386002 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005Core.job => C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4219563000-2888109555-913751894-1005UA.job => C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4219563000-2888109555-913751894-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

    ==================== Loaded Modules (whitelisted) ==============

    2004-08-11 16:00 - 2014-02-05 03:55 - 00562688 _____ () C:\WINDOWS\system32\qedit.dll
    2004-08-11 16:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2004-08-11 16:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2004-08-11 16:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2007-04-10 06:54 - 2007-04-10 06:54 - 00207608 _____ () C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
    2012-11-14 23:39 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
    2006-09-04 23:37 - 2001-10-28 16:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-07-28 07:47 - 2005-05-19 07:54 - 01345520 _____ () C:\WINDOWS\system32\CTMBHA.DLL
    2015-02-26 19:12 - 2015-02-26 19:12 - 00697884 _____ () C:\Documents and Settings\Joe\Local Settings\Temp\clclean.0001.dir.0029\~df394b.tmp
    2013-04-08 18:35 - 2013-04-08 18:35 - 00013312 _____ () C:\Program Files\CrashPlan\md5.dll
    2015-01-14 07:18 - 2015-01-14 07:18 - 00197120 _____ () C:\Program Files\CrashPlan\cpnative.dll
    2013-02-18 21:49 - 2013-02-18 21:49 - 00968880 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk => C:\WINDOWS\pss\Service Manager.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Joe^Start Menu^Programs^Startup^NexDef Plug-in.lnk => C:\WINDOWS\pss\NexDef Plug-in.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Nikon Monitor.lnk => C:\WINDOWS\pss\Nikon Monitor.lnkStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Aim6 =>
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ATIPTA => "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    MSCONFIG\startupreg: DLA => C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    MSCONFIG\startupreg: DMXLauncher => "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
    MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    MSCONFIG\startupreg: ECenter => "c:\dell\E-Center\gtb.exe"
    MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Joe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HPDJ Taskbar Utility => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    MSCONFIG\startupreg: ISUSPM Startup => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SetDefaultMIDI => MIDIDef.exe
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: VoiceCenter => "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4219563000-2888109555-913751894-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-4219563000-2888109555-913751894-1007 - Limited - Enabled)
    Guest (S-1-5-21-4219563000-2888109555-913751894-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
    HelpAssistant (S-1-5-21-4219563000-2888109555-913751894-1004 - Limited - Disabled)
    Joe (S-1-5-21-4219563000-2888109555-913751894-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Joe
    SUPPORT_388945a0 (S-1-5-21-4219563000-2888109555-913751894-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/27/2015 05:00:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 78112313

    Error: (02/27/2015 05:00:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 78112313

    Error: (02/27/2015 05:00:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/24/2015 11:05:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6903859

    Error: (02/24/2015 11:05:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6903859

    Error: (02/24/2015 11:05:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/24/2015 11:05:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6888469

    Error: (02/24/2015 11:05:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6888469

    Error: (02/24/2015 11:05:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/24/2015 09:10:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: WDBackupEngine.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.AggregateException
    Stack:
    at System.Threading.Tasks.TaskExceptionHolder.Finalize()


    System errors:
    =============
    Error: (02/27/2015 05:17:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:17:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:16:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:16:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:16:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:16:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:16:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:16:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:15:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (02/27/2015 05:15:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) D CPU 3.20GHz
    Percentage of memory in use: 49%
    Total physical RAM: 2046.07 MB
    Available physical RAM: 1024.75 MB
    Total Pagefile: 3937.75 MB
    Available Pagefile: 2674.29 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1911.91 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:108.57 GB) (Free:69.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Local Disk 2) (Fixed) (Total:37.05 GB) (Free:36.95 GB) NTFS
    Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:812.57 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Active) - (Size=108.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.3 GB) - (Type=DB)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. kevinf80

    Thanks for the logs, continue as follows:

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

    Next,

    1. Download Malwarebytes Anti-Rootkit from this link:

    http://www.malwarebytes.org/products/mbar/

    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    [​IMG]

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    [​IMG]

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    [​IMG]

    7. The following image opens, select Update

    [​IMG]

    8. When the update completes select Next.

    [​IMG]

    9. In the following window ensure "Targets" are ticked. Then select "Scan"

    [​IMG]

    10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

    [​IMG]

    11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
    12. If no threats were found you will see the following image, Select Exit:

    [​IMG]

    13. Verify that your system is now running normally, making sure that the following items are functional:

    • Internet access
    • Windows Update
    • Windows Firewall

    14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

    15. Select "Y" from your Keyboard, tap Enter.

    16. The fix will be applied, select any key to Exit.

    17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    Thanks,

    Kevin...
     


  6. jtsj1

    Thanks, that seems to have done the trick. Everything seems back to normal now -- AVG is running, and the excessive slowness has gone away. Internet access, Windows Update and Windows Firewall are all operating normally.



    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_21

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 2145456128, free: 1187418112

    Downloaded database version: v2015.02.27.08
    Downloaded database version: v2015.02.25.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/27/2015 19:51:50
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.27.08
    rootkit: v2015.02.25.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a7c3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a7bb908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a7c3ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a7a3030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 41AB2316

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 112392

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 112455 Numsec = 227689245
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 227801700 Numsec = 77690340

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 305492040 Numsec = 6988275

    Disk Size: 159996968960 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8975eab8, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89d277a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8975eab8, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff897d34f0, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 23F15

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953456128

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000170586112 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff8965f030, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff897d8728, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8965f030, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff89622c40, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff89660c10, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    File "c:\documents and settings\all users\application data\avg2015\chjw\4e1aea7b1aea6007.dat:135d0834-34fd-4e2e-9ff9-ae58c7b55d0b" is sparse (flags = 32768)
    File "c:\documents and settings\all users\application data\avg2015\chjw\4e1aea7b1aea6007.dat:d03d3c2d-9928-4401-ae51-887a72415f63" is sparse (flags = 32768)
    File "c:\documents and settings\all users\application data\avg2015\chjw\9c206d0a206ceca8.dat:b2914d43-13f8-423c-8afa-833844a22974" is sparse (flags = 32768)
    File "c:\documents and settings\all users\application data\avg2015\chjw\b0241ff7241fbef2.dat:097e5c69-89dc-4861-82c3-cb4ff3383378" is sparse (flags = 32768)
    Infected: C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat --> [Trojan.Agent]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Removal successful. No system shutdown is required.
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-112455-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_21

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 3.192000 GHz
    Memory total: 2145456128, free: 929271808

    Downloaded database version: v2015.02.28.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    02/27/2015 22:21:11
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.28.01
    rootkit: v2015.02.25.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a7d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a7aa908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a7d4ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a7c2030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 41AB2316

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 112392

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 112455 Numsec = 227689245
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 227801700 Numsec = 77690340

    Partition 3 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 305492040 Numsec = 6988275

    Disk Size: 159996968960 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff89719030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8952a020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff89719030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff899e9a30, DeviceName: \Device\00000067\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 23F15

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953456128

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000170586112 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff89a112d8, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89670020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff89a112d8, DeviceName: \Device\Harddisk2\DR7\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff89680d38, DeviceName: Unknown, DriverName: \Driver\DRVMCDB\
    DevicePointer: 0xffffffff898449c0, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    File "c:\documents and settings\all users\application data\avg2015\chjw\4e1aea7b1aea6007.dat:c276c343-3403-4f25-97c6-667463d20b3d" is sparse (flags = 32768)
    File "c:\documents and settings\all users\application data\avg2015\chjw\9c206d0a206ceca8.dat:b2914d43-13f8-423c-8afa-833844a22974" is sparse (flags = 32768)
    File "c:\documents and settings\all users\application data\avg2015\chjw\b0241ff7241fbef2.dat:097e5c69-89dc-4861-82c3-cb4ff3383378" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-112455-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished



    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.27.08
    rootkit: v2015.02.25.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Joe :: DESKTOP [administrator]

    2/27/2015 7:52:42 PM
    mbar-log-2015-02-27 (19-52-42).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 419956
    Time elapsed: 36 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Joe\Local Settings\Application Data\svcxdcl32.dat (Trojan.Agent) -> Delete on reboot. [bdb7e0437416ed4925a5507a966d5ca4]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.28.01
    rootkit: v2015.02.25.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Joe :: DESKTOP [administrator]

    2/27/2015 10:22:03 PM
    mbar-log-2015-02-27 (22-22-03).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 419896
    Time elapsed: 28 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Can I see the log from FRST fix, it will have saved to the same folder as FRST.exe. Also run the following:

    Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop
    Ensure to get the correct version for your system....
    32 Bit version:
    https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
    64 Bit version:
    https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    Right click on the Tool and select “Run as Administrator”; the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.
    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    Next,

    Download Security Check by screen317 from either of the following:

    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

    Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
    Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

    Let me see those logs,

    Kevin...
     
  8. jtsj1

    jtsj1 Thread Starter

    Joined:
    Feb 24, 2015
    Messages:
    6
    Sorry about that, here are the logs from FRST Fix, as well as MSRT and Security Check:



    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
    Ran by Joe at 2015-02-27 19:15:53 Run:1
    Running from C:\Documents and Settings\Joe\Desktop
    Loaded Profiles: Joe (Available profiles: Joe & Administrator & Guest)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    HKLM\...\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ()
    C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe
    HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM\...\Policies\Explorer\Run: [{adf164a7-59bb-e7d8-5562-7f518844447e}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe [376872 2015-02-22] ( ())
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [jnmitra] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll",jnmitra
    C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\Run: [kidrahb] => rundll32 "C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll",kidrahb
    C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\...\MountPoints2: {fbeb716b-5787-11de-bd8f-001372e23ff8} - F:\LaunchU3.exe
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll (BitTorrent, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    S3 bvrp_pci; No ImagePath
    S3 VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys [X]
    S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    U1 WS2IFSL; No ImagePath
    S0 xtkc; System32\drivers\ykqe.sys [X]
    C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\235bacf7ee826d.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\avguidx.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\Bootstrapper.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARU.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHS.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHT.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCSY.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDAN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDEU.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperELL.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperENU.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESP.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFIN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFRA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHEB.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHRV.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHUN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperITA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperJPN.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperKOR.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperLOC.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNLD.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNOR.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPLK.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTB.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTG.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperRUS.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSKY.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSLV.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSVE.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTHA.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTRK.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperUKR.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\CommonInstaller.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\converter.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\dotNetFx40_Client_setup.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\Garmin.Cartography.DeviceInteraction.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\GarminMapUpdater.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\GpsImgWrapper.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\iGearedHelper.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\Interop.IWshRuntimeLibrary.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\lowproc.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\MachineIdCreator.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\mfc100.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\msvcp100.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\msvcr100.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\MyDownloader.Core.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\rad1703D.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\rad6D64D.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\radA8893.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\radBF40D.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\radC7CCF.tmp.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\rnsetup0.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\stubhelper.dll
    C:\Documents and Settings\Joe\Local Settings\Temp\tmpCC9(1).exe
    C:\Documents and Settings\Joe\Local Settings\Temp\ToolbarInstaller.exe
    C:\Documents and Settings\Joe\Local Settings\Temp\usb_lib.dll
    EmptyTemp:
    end



    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\{adf164a7-59bb-e7d8-5562-7f518844447e} => value deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\{adf164a7-59bb-e7d8-5562-7f518844447e}\{adf164a7-59bb-e7d8-5562-7f518844447e}.exe => Moved successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{adf164a7-59bb-e7d8-5562-7f518844447e} => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value deleted successfully.
    "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Windows\CurrentVersion\Run\\jnmitra => value deleted successfully.
    "C:\Documents and Settings\Joe\Local Settings\Application Data\jnmitra.dll" => File/Directory not found.
    HKU\S-1-5-21-4219563000-2888109555-913751894-1005\Software\Microsoft\Windows\CurrentVersion\Run\\kidrahb => value deleted successfully.
    "C:\Documents and Settings\Joe\Local Settings\Application Data\kidrahb.dll" => File/Directory not found.
    "HKU\S-1-5-21-4219563000-2888109555-913751894-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbeb716b-5787-11de-bd8f-001372e23ff8}" => Key deleted successfully.
    HKCR\CLSID\{fbeb716b-5787-11de-bd8f-001372e23ff8} => Key not found.
    C:\Program Files\mozilla firefox\plugins\npbittorrent.dll => Moved successfully.
    C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll => Moved successfully.
    C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll => Moved successfully.
    bvrp_pci => Service deleted successfully.
    VPROEVENTMONITOR => Service deleted successfully.
    wanatw => Service deleted successfully.
    WS2IFSL => Service deleted successfully.
    xtkc => Service deleted successfully.
    C:\Documents and Settings\Joe\Application Data\qmYz10vp8n.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\235bacf7ee826d.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\avguidx.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\Bootstrapper.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARA.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperARU.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHS.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCHT.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperCSY.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDAN.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperDEU.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperELL.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperENU.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESN.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperESP.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFIN.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperFRA.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHEB.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHRV.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperHUN.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperITA.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperJPN.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperKOR.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperLOC.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNLD.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperNOR.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPLK.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTB.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperPTG.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperRUS.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSKY.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSLV.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperSVE.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTHA.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperTRK.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\BootstrapperUKR.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\CommonInstaller.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\converter.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\dotNetFx40_Client_setup.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\Garmin.Cartography.DeviceInteraction.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\GarminMapUpdater.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\GpsImgWrapper.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\iGearedHelper.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\Interop.IWshRuntimeLibrary.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\lowproc.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\MachineIdCreator.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\mfc100.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\msvcp100.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\msvcr100.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\MyDownloader.Core.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\rad1703D.tmp.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\rad6D64D.tmp.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\radA8893.tmp.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\radBF40D.tmp.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\radC7CCF.tmp.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\rnsetup0.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\stubhelper.dll => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\tmpCC9(1).exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\ToolbarInstaller.exe => Moved successfully.
    C:\Documents and Settings\Joe\Local Settings\Temp\usb_lib.dll => Moved successfully.
    EmptyTemp: => Removed 4.8 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:22:25 ====




    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.19, August 2006
    Started On Wed Aug 30 02:09:10 2006

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 30 02:09:27 2006


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.20, September 2006
    Started On Wed Sep 13 18:10:33 2006

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 18:10:47 2006


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.21, October 2006
    Started On Sat Oct 14 04:01:14 2006

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Oct 14 04:01:30 2006


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.22, November 2006
    Started On Sat Nov 18 01:58:35 2006

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 18 01:58:52 2006


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
    Started On Wed Dec 13 02:33:43 2006

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 13 02:33:58 2006


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
    Started On Sat Jan 13 05:07:48 2007

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 13 05:08:00 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
    Started On Sun Jan 14 22:28:11 2007

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 14 22:28:29 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.25, February 2007
    Started On Thu Feb 15 04:02:06 2007

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 15 04:02:21 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
    Started On Fri Mar 16 04:02:18 2007

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 16 04:02:39 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.28, April 2007
    Started On Fri Apr 13 04:01:33 2007

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 13 04:01:53 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
    Started On Tue May 08 19:32:13 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Tue May 08 19:33:11 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
    Started On Wed Jun 13 19:52:33 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 19:53:31 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.31, July 2007
    Started On Thu Jul 12 18:18:27 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 12 18:19:30 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.32, August 2007
    Started On Wed Aug 15 04:01:48 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 04:02:39 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.33, September 2007
    Started On Tue Sep 11 23:11:43 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000B (11))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 11 23:12:38 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
    Started On Wed Oct 10 04:01:40 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 04:02:42 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.35, November 2007
    Started On Wed Nov 14 04:00:40 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 14 04:01:43 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
    Started On Thu Dec 13 04:02:16 2007
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 13 04:03:22 2007


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
    Started On Wed Jan 09 04:00:55 2008
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 04:02:00 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
    Started On Sat Feb 16 11:11:17 2008
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 16 11:12:20 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
    Started On Thu Mar 13 04:01:26 2008
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 13 04:02:43 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
    Started On Wed Apr 09 04:00:56 2008
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 04:02:15 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.41, May 2008
    Started On Fri May 16 20:02:45 2008
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Fri May 16 20:03:46 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
    Started On Wed Jun 11 04:01:36 2008
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
    ->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 04:02:44 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
    Started On Thu Jul 10 21:46:58 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 21:48:02 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.1, August 2008
    Started On Wed Aug 13 04:04:36 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 04:05:39 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
    Started On Wed Sep 10 04:04:04 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 04:05:15 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
    Started On Wed Oct 15 04:01:09 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 04:02:28 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
    Started On Thu Nov 13 04:03:50 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 04:05:13 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
    Started On Fri Dec 12 04:02:44 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 12 04:04:25 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
    Started On Wed Jan 14 04:00:27 2009

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 04:01:58 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.7, February 2009
    Started On Wed Feb 11 18:14:19 2009

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 18:15:55 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
    Started On Sun Mar 15 04:00:20 2009

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 15 04:01:48 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
    Started On Tue Apr 14 21:13:03 2009
    Security policy adjusted. Engine requests reboot and try again, ignoring.->Scan ERROR: resource process://pid:2580 (code 0x00000057 (87))
    ->Scan ERROR: resource process://pid:3136 (code 0x00000057 (87))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 21:14:45 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
    Started On Thu May 14 04:00:30 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:02:04 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
    Started On Thu Jun 11 04:02:11 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 11 04:03:56 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
    Started On Thu Jun 25 23:29:23 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 25 23:31:18 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
    Started On Wed Jul 15 04:00:42 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 15 04:02:27 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.13, August 2009
    Started On Wed Aug 12 23:13:25 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 12 23:15:09 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
    Started On Tue Sep 08 17:08:58 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 08 17:11:29 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.0, October 2009
    Started On Thu Oct 15 04:04:25 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 15 04:06:41 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.1, November 2009
    Started On Wed Nov 11 20:50:42 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 11 20:53:15 2009


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.2, December 2009
    Started On Thu Dec 10 04:00:29 2009
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 10 04:02:51 2009


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.3, January 2010
    Started On Wed Jan 13 04:00:25 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 13 04:02:48 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.4, February 2010
    Started On Thu Feb 11 09:01:57 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 11 09:04:17 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.5, March 2010
    Started On Tue Mar 09 22:09:05 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 09 22:11:20 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.6, April 2010
    Started On Thu Apr 15 00:01:20 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 15 00:03:39 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.7, May 2010
    Started On Tue May 18 04:01:37 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue May 18 04:03:55 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.8, June 2010
    Started On Tue Jun 08 21:17:38 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 08 21:19:58 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
    Started On Wed Jul 14 04:02:25 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.-> Sysclean ERROR: Internal error, code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 14 04:04:47 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.10, August 2010
    Started On Thu Aug 12 04:01:51 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.-> Sysclean ERROR: Internal error, code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 12 04:04:17 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.11, September 2010
    Started On Thu Sep 16 04:01:40 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Engine internal result code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 16 04:04:16 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
    Started On Wed Oct 13 21:04:18 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.
    Engine internal result code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 13 21:08:22 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.13, November 2010
    Started On Tue Nov 09 18:01:34 2010
    ->Scan ERROR: resource process://pid:3336 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:5828 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1516 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:5828 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1516 (code 0x00000005 (5))

    Engine internal result code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 09 18:04:31 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.14, December 2010
    Started On Wed Dec 15 08:13:20 2010
    ->Scan ERROR: resource process://pid:516 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2664 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4068 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2664 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:516 (code 0x00000005 (5))

    Engine internal result code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 15 08:16:10 2010


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.15, January 2011
    Started On Tue Jan 11 19:00:35 2011
    ->Scan ERROR: resource process://pid:512 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2888 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:424 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2888 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:512 (code 0x00000005 (5))

    Engine internal result code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 11 19:04:00 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.16, February 2011
    Started On Wed Feb 09 18:39:23 2011
    ->Scan ERROR: resource process://pid:556 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2532 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3928 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:5916 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:2532 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:556 (code 0x00000005 (5))

    Engine internal result code = 80508015

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 09 18:42:30 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.17, March 2011
    Started On Wed Mar 09 20:39:27 2011
    ->Scan ERROR: resource process://pid:536 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3236 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4044 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3236 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:536 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 09 20:41:51 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.18, April 2011
    Started On Fri Apr 15 00:03:12 2011
    ->Scan ERROR: resource process://pid:9684 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:9852 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:856 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:11272 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:856 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:9852 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 15 00:05:49 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.18, April 2011
    Started On Thu Apr 28 04:00:32 2011
    ->Scan ERROR: resource process://pid:548 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3416 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1436 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3416 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:548 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 28 04:03:05 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.19, May 2011
    Started On Wed May 11 04:01:45 2011
    ->Scan ERROR: resource process://pid:712 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2880 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3960 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2880 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:712 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed May 11 04:04:18 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.20, June 2011
    Started On Thu Jun 16 04:06:27 2011
    ->Scan ERROR: resource process://pid:760 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2780 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3172 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3172 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:760 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 16 04:08:52 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.21, July 2011
    Started On Thu Jul 14 04:02:02 2011
    ->Scan ERROR: resource process://pid:10232 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:6300 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4312 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:10232 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:6300 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 14 04:04:43 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v3.22, August 2011
    Started On Wed Aug 10 15:20:17 2011
    ->Scan ERROR: resource process://pid:9336 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:11288 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:11876 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:6612 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:9336 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:11288 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 10 15:23:32 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.0, September 2011
    Started On Fri Sep 16 04:03:15 2011

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 16 04:06:18 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.0, September 2011
    Started On Wed Sep 28 20:50:58 2011

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 28 20:54:37 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.1, October 2011
    Started On Wed Oct 12 19:27:05 2011

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 12 19:30:06 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.2, November 2011
    Started On Wed Nov 09 04:00:31 2011

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 09 04:03:25 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.3, December 2011
    Started On Thu Dec 15 04:04:32 2011

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 15 04:07:21 2011


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.4, January 2012
    Started On Thu Jan 12 04:02:07 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 12 04:05:04 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.5, February 2012
    Started On Thu Feb 16 01:40:18 2012
    ->Scan ERROR: resource process://pid:11160 (code 0x00000490 (1168))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 16 01:43:37 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.6, March 2012
    Started On Thu Mar 15 04:01:53 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 04:04:54 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.7, April 2012
    Started On Wed Apr 11 23:41:14 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 11 23:43:54 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
    Started On Sat May 12 04:16:48 2012
    ->Scan ERROR: resource process://pid:3848 (code 0x00000490 (1168))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Sat May 12 04:20:24 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
    Started On Thu Jun 14 04:09:15 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 14 04:13:23 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
    Started On Wed Jul 11 04:02:38 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 11 04:06:27 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
    Started On Wed Aug 15 23:24:36 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 15 23:28:15 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
    Started On Wed Sep 12 23:31:31 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 23:34:38 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
    Started On Wed Oct 10 04:03:51 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 04:06:49 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
    Started On Tue Nov 13 17:32:45 2012
    ->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:248 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2040 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2228 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3956 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:6444 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:248 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 13 17:36:10 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
    Started On Wed Dec 12 04:01:47 2012
    ->Scan ERROR: resource process://pid:8900 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7848 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4792 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:2888 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1912 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1760 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4164 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:8900 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7848 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 12 04:05:07 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
    Started On Thu Jan 10 04:01:39 2013
    ->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:696 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:240 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:300 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1020 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1948 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3624 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:240 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:300 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 04:04:47 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
    Started On Wed Feb 13 04:18:37 2013
    ->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:696 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:272 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:360 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1940 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1952 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3788 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:272 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:360 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 04:22:26 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
    Started On Thu Mar 14 04:06:31 2013
    ->Scan ERROR: resource process://pid:7656 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7868 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7556 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4984 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:6920 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7852 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7656 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7868 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 04:10:16 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
    Started On Wed Apr 10 04:01:44 2013
    ->Scan ERROR: resource process://pid:4532 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4692 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4860 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3824 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:5028 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4972 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3952 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4532 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4692 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 04:05:55 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
    Started On Wed May 15 00:58:27 2013
    ->Scan ERROR: resource process://pid:664 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:704 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:236 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:348 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:592 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:772 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3280 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4056 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:2644 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:236 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:348 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed May 15 01:04:11 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
    Started On Wed Jun 12 04:01:31 2013
    ->Scan ERROR: resource process://pid:8408 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4472 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:9500 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3104 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:8736 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:6536 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:7816 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:8408 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:4472 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 04:05:44 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
    Started On Sat Jul 13 07:29:27 2013
    ->Scan ERROR: resource process://pid:656 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:696 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:368 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1808 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:1996 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:3504 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:324 (code 0x00000005 (5))
    ->Scan ERROR: resource process://pid:368 (code 0x00000005 (5))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Jul 13 07:33:26 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
    Started On Mon Aug 12 06:55:20 2013


    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 12 07:00:19 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
    Started On Sat Aug 24 23:53:31 2013


    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 24 23:57:22 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
    Started On Fri Sep 13 18:01:55 2013

    Engine: 1.1.9800.0
    Signatures: 1.157.932.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 13 18:05:34 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
    Started On Thu Oct 10 04:15:30 2013

    Engine: 1.1.9901.0
    Signatures: 1.159.530.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 10 04:19:59 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
    Started On Fri Nov 22 21:48:37 2013

    Engine: 1.1.10003.0
    Signatures: 1.161.1618.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 22 21:52:35 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
    Started On Wed Dec 11 21:21:49 2013

    Engine: 1.1.10100.0
    Signatures: 1.163.1013.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 11 21:26:15 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
    Started On Thu Jan 16 04:01:29 2014

    Engine: 1.1.10201.0
    Signatures: 1.165.1273.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 04:04:30 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
    Started On Wed Feb 12 04:08:07 2014

    Engine: 1.1.10201.0
    Signatures: 1.165.3163.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 12 04:11:34 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
    Started On Tue Mar 18 04:00:45 2014

    Engine: 1.1.10302.0
    Signatures: 1.167.1001.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 18 04:04:23 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
    Started On Wed Apr 09 04:02:22 2014

    Engine: 1.1.10401.0
    Signatures: 1.169.1258.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 04:06:27 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
    Started On Thu May 15 04:04:49 2014

    Engine: 1.1.10502.0
    Signatures: 1.173.1305.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 04:09:14 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
    Started On Thu Jun 12 07:37:42 2014

    Engine: 1.1.10600.0
    Signatures: 1.175.1113.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 07:43:42 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
    Started On Wed Jul 09 00:02:35 2014

    Engine: 1.1.10701.0
    Signatures: 1.177.949.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 00:06:50 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
    Started On Wed Aug 13 08:48:42 2014

    Engine: 1.1.10802.0
    Signatures: 1.179.1796.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 13 08:54:01 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
    Started On Wed Sep 10 04:00:57 2014

    Engine: 1.1.10904.0
    Signatures: 1.183.882.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 04:06:47 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
    Started On Thu Oct 16 16:49:43 2014

    Engine: 1.1.11005.0
    Signatures: 1.185.2035.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 17:01:11 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
    Started On Thu Nov 13 17:24:00 2014

    Engine: 1.1.11104.0
    Signatures: 1.187.1116.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 17:29:33 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
    Started On Thu Dec 11 21:43:20 2014

    Engine: 1.1.11202.0
    Signatures: 1.189.872.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 21:48:51 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
    Started On Wed Jan 14 08:03:26 2015

    Engine: 1.1.11302.0
    Signatures: 1.191.1276.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 08:11:18 2015


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
    Started On Wed Feb 11 00:33:10 2015

    Engine: 1.1.11302.0
    Signatures: 1.191.3593.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 11 00:46:51 2015


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
    Started On Sat Feb 28 06:58:47 2015

    Engine: 1.1.11302.0
    Signatures: 1.191.3593.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 28 07:41:20 2015


    Return code: 0 (0x0)



    Results of screen317's Security Check version 0.99.97
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2015
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Spybot - Search & Destroy
    Java(TM) 6 Update 21
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_08
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader XI
    Mozilla Firefox (36.0)
    Mozilla Thunderbird (1.5.0 Thunderbird out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 7%
    ````````````````````End of Log``````````````````````
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Java is outdated, also there are several old versions showing as installed. All old versions need to be removed.... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

    Next,

    If no remaining issues or concerns run the following to clean up:

    Download "Delfix by Xplode" and save it to your desktop.

    Or use the following if first link is down:

    "Delfix link mirror"

    Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

    Make Sure the following items are checked:


    • Remove disinfection tools
    • Purge System Restore
    • Reset system settings

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Any remnant files/logs from tools we have used can be deleted…

    If no issues remain hit the "Mark Solved" tab at the top of the thread....

    Thank you,

    Kevin.....
     
  10. jtsj1

    jtsj1 Thread Starter

    Joined:
    Feb 24, 2015
    Messages:
    6
    I downloaded the latest Java and removed all old versions, and ran DelFix. Everything is running smoothly now.

    Thanks very much for your help!
     
Short URL to this thread: https://techguy.org/1143755
