Everything posted by Deborahhh

  1. The computer is still running ok-- Thank you for your help
  2. I am attaching two fixlog.txt files. The first I ran incorrectly WITHOUT the fixlist.txt file in the same location (oops!) and the second was run correctly. Thanks! Fixlog run without fixlist.txt Fixlog run with FIXLIST.txt
  3. Hi T.H.E. As requested, attached are the files requested: FRST and Addition. Thank you. Addition.txt FRST.txt
  4. Hi I had a blue screen today which references file: MBAM Swissarmy.sys (see attached .jpg) I was able to restart the machine and run MBAM - no infection found. A few days ago, MBAM's Malicious Website Protection was mysteriously "disabled" , and I was UNABLE to enable it. I rebooted the machine and was able to enable it and it is enabled now. Please advise Thanks in advance Deborah
  5. Hi AVG detected rootkit_sskt_hook and cannot remove it. Malwarebytes rootkit scan comes up clean. Running Win 7 Please advise Thank you for your advice. Deborah
  6. Ron Thanks for the help in cleaning my machine! I've removed all the tools/logs and read thru your recommendations. One last question: The external hard drive wound up being infected, most likely with the same virus that infected the PC (I left MBAM scanning the external hard drive last night and when I came in this morning there was a blue screen due to the MBAM swissarmy file.) The software manager for the hard drive has an erase/reformat function. (I am ok with losing the files) Is it safe to erase/reformat the infected external drive from my "clean" machine utilizing the software manager? Thanks in advance for your advice
  7. Ron My computer was working fine today ---only item to note is the CPU usage goes very high and then low during scan. Other than that machine is very zippy Currently I am scanning external hard drive back up w/ MBAM and that is only app open-usage goes to 100% to 55% to 19% and bounces back up and down again. I scanned with AVG earlier and it found a few things. Do you have any other suggestions to clean external hard drive before I back up my newly cleaned machine? Maybe I should just reformat this thing to be on safe side? Thank you
  8. P.S. I do not use Thunderbird and have uninstalled it.
  9. Ron: Ran browser resets, and security check log is below. Things seem normal now-- will report back later tonite after using computer today. Thanks Results of screen317's Security Check version 0.99.87 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2015 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` WinPatrol ZoneAlarm Spy Blocker Windows Defender Adobe Reader XI Mozilla Firefox (32.0.3) Mozilla Thunderbird (2.0.0 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Malwarebytes Anti-Malware mbamscheduler.exe Ruiware WinPatrol winpatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 9% ````````````````````End of Log``````````````````````
  10. Hi Ron The computer is running ok-no blue screens-however only problem is Explorer crashing sometimes--is there any info I can forward (event viewer?) for your review with regard to this problem? Below is log latest MBAM scan - Thank you Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/1/2014 Scan Time: 2:40:51 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.01.02 Rootkit Database: v2014.09.19.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Deborah Scan Type: Threat Scan Result: Completed Objects Scanned: 332864 Time Elapsed: 20 min, 19 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  11. Ron: Sorry for the delay- I have run all the fixes you requested. JavaRa 1.16 Removal Log is Post #14 Sept 26 above I ran TFC and FRST Is it normal for one of these programs to remove my saved passwords?(ie, my gmail log on and mbam log on were cleared) Below is the Fixlog.txt thanks again for your review and help with this. Deb Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2014 Ran by Deborah at 2014-09-29 15:49:01 Run:1 Running from C:\Documents and Settings\Deborah\Desktop Loaded Profile: Deborah (Available profiles: Deborah & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Citrix\GoToMeeting\1694\g2mupdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: 
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe EmptyTemp: Reboot: ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key not found. "HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully. "HKCR\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => Key deleted successfully. "HKCR\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => Key deleted successfully. C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => Moved successfully. C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => Moved successfully. C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully. 
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => Moved successfully. C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => Moved successfully. C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully. C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully. C:\WINDOWS\Tasks\MP Scheduled Scan.job not found. C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully. C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully. EmptyTemp: => Removed 110.9 MB temporary data. The system needed a reboot. ==== End of Fixlog ====
  12. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Sep 26 22:21:37 2014 Found and removed: C:\Documents and Settings\Deborah\Application Data\Sun\Java\jre1.6.0_12 Found and removed: C:\Documents and Settings\Deborah\Application Data\Sun\Java\jre1.7.0_04 Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe Found and removed: Software\Classes\JavaPlugin.160_14 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Sep 26 22:21:51 2014 ------------------------------------ Finished reporting.
  13. Please ignore the above message..I have add/remove programs back in control panel :-) I will post back
  14. Please go into Control Panel, Add/Remove and uninstall ALL versions of Java My Add or Remove Programs is an empty blank space. http://support2.microsoft.com/kb/266668#FixItForMeAlways I tried the 'fix it' tool at the link above and no change. I tried REGSVR32 APPWIZ.CPL at the command prompt and received this message: "DLLREGISTERSERVER in appwiz.cpl succeeded". However, the problem remains even with a reboot. I thought it best to post before trying any other fixes to get add/remove programs in control panel back. Thank you
  15. Hi Ron As requested, MBAM application log, FRST and Additions logs copied below. AVG scan is clean. thanks Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/25/2014 Scan Time: 6:58:57 PM Logfile: MBAM Application log 9.25.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.25.10 Rootkit Database: v2014.09.19.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Deborah Scan Type: Threat Scan Result: Completed Objects Scanned: 341596 Time Elapsed: 52 min, 49 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by Deborah (administrator) on HOME-54822832EF on 25-09-2014 21:34:57 Running from C:\Documents and Settings\Deborah\Desktop Loaded Profile: Deborah (Available profiles: Deborah & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe () C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Maxtor Corporation) C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corp.) 
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe () C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe ( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe (Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2mainh.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2host.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2audioh.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2printh.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [320816 2013-11-07] (Sage Software, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [MaxtorOneTouch] => C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [712704 2006-03-27] (Maxtor Corporation) HKLM\...\Run: [] => [X] HKLM\...\Run: [mxomssmenu] => C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [81920 2005-10-17] (Maxtor Corp.) Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-515967899-1214440339-1606980848-1003\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Documents and Settings\Deborah\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2707480 2014-04-09] ()
HKU\S-1-5-21-515967899-1214440339-1606980848-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Deborah\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default
FF Homepage: hxxp://www.smbiz.com/|about:newtab
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\atgpcdec.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\atgpcext.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ptexmeet.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Deborah\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\https-everywhere@eff.org [2014-09-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-08-12]
FF Extension: Delicious Bookmarks - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-22]
FF Extension: WOT - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-29]
FF Extension: Personas Plus - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\personas@christopher.beard.xpi [2013-03-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-25]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://mail.google.com/mail/?um=1&hl=en&shva=1#inbox
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-19]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( ) [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [436040 2013-01-08] (Pervasive Software Inc.)
S3 Sage 50 SmartPosting 2014; C:\Program Files\Sage Software\Peachtree\SmartPostingService2014.exe [335664 2013-11-07] (Sage Software, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 IntelS51; C:\WINDOWS\System32\DRIVERS\IntelS51.sys [1903338 2004-12-10] (Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-25] (Malwarebytes Corporation)
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
S3 MXOPSWD; C:\WINDOWS\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2004-06-06] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 21:34 - 2014-09-25 21:36 - 00036204 _____ () C:\Documents and Settings\Deborah\Desktop\FRST.txt
2014-09-25 21:34 - 2014-09-25 21:34 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\FRST-OlderVersion
2014-09-25 10:12 - 2014-09-25 21:33 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\Sept 25 mb help
2014-09-24 19:23 - 2014-09-24 19:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092414-01.dmp
2014-09-24 12:07 - 2014-09-24 12:07 - 00018142 _____ () C:\Documents and Settings\Deborah\Desktop\Frst.txt add.txt 9.24.zip
2014-09-24 12:05 - 2014-09-24 12:07 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\Frst.txt add.txt 9.24.14
2014-09-22 16:40 - 2014-09-22 16:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 16:29 - 2014-09-22 16:29 - 00029289 _____ () C:\Documents and Settings\Deborah\Desktop\DiagnosticLogs9.22.zip
2014-09-22 16:28 - 2014-09-22 16:28 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\DiagnosticLogs9.22.14
2014-09-22 16:09 - 2014-09-25 21:35 - 00000000 ____D () C:\FRST
2014-09-22 15:09 - 2014-09-25 18:53 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\New Folder
2014-09-22 15:09 - 2014-09-22 15:09 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Deborah\Desktop\mbam-check-2.1.1.1001.exe
2014-09-22 11:56 - 2014-09-25 21:34 - 01100288 _____ (Farbar) C:\Documents and Settings\Deborah\Desktop\FRST.exe
2014-09-22 10:45 - 2014-09-22 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092214-01.dmp
2014-09-19 18:26 - 2014-09-25 18:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 18:26 - 2014-09-19 18:26 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 18:26 - 2014-09-19 18:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-19 18:26 - 2014-09-19 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 18:26 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 18:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-19 11:24 - 2014-09-19 11:24 - 00000000 ___HD () C:\WINDOWS\PIF
2014-09-18 10:06 - 2014-09-18 10:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini091814-01.dmp
2014-09-17 17:07 - 2014-09-17 17:07 - 02363888 _____ () C:\Documents and Settings\Deborah\My Documents\Scan14-09-17 1615.tif
2014-09-16 18:29 - 2014-09-16 18:29 - 00134796 _____ () C:\Documents and Settings\Deborah\My Documents\INV 64 tkts.tif
2014-09-08 19:26 - 2014-09-08 19:26 - 00045056 _____ () C:\A&A COGS analysis2012 vs 2013 dated 9.8.14.xls
2014-08-26 20:15 - 2014-09-25 18:55 - 00000596 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job
2014-08-26 20:15 - 2014-08-26 20:16 - 00000000 ____D () C:\Documents and Settings\Deborah\Application Data\Avg_Update_0814av
2014-08-26 20:15 - 2014-08-26 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av
2014-08-26 09:32 - 2014-09-25 18:56 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 21:36 - 2013-03-27 11:48 - 00000000 ____D () C:\Documents and Settings\Deborah\Local Settings\temp
2014-09-25 21:36 - 2009-02-20 13:27 - 01687829 _____ () C:\WINDOWS\pfirewall.log
2014-09-25 20:46 - 2009-07-01 10:33 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job
2014-09-25 20:44 - 2014-02-21 13:02 - 00000518 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job
2014-09-25 20:07 - 2013-03-27 11:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-25 19:20 - 2009-02-11 15:46 - 01574136 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-25 19:19 - 2009-08-26 10:38 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-09-25 18:56 - 2014-01-17 19:58 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job
2014-09-25 18:56 - 2008-04-14 08:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-25 18:55 - 2014-04-18 14:55 - 00000590 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job
2014-09-25 18:55 - 2014-03-11 10:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-25 18:55 - 2009-02-11 10:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-25 18:55 - 2009-02-11 10:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-25 18:54 - 2009-02-11 15:52 - 00000178 ___SH () C:\Documents and Settings\Deborah\ntuser.ini
2014-09-25 18:54 - 2009-02-11 15:50 - 00032410 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-25 18:54 - 2009-02-11 15:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-25 18:50 - 2013-09-11 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-25 18:50 - 2009-02-11 17:16 - 00000000 ____D () C:\Program Files\AVG
2014-09-25 18:49 - 2013-12-11 13:46 - 00000716 _____ () C:\WINDOWS\pvsw.log
2014-09-25 18:45 - 2010-11-26 17:17 - 00422666 _____ () C:\WINDOWS\setupapi.log
2014-09-25 17:42 - 2009-03-18 17:20 - 00000000 ____D () C:\Documents and Settings\Deborah\Application Data\Canon
2014-09-25 14:58 - 2009-02-20 13:27 - 04194309 _____ () C:\WINDOWS\pfirewall.log.old
2014-09-25 14:46 - 2009-07-01 10:33 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job
2014-09-24 19:23 - 2010-03-17 15:58 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-24 16:07 - 2009-02-12 13:29 - 00051756 _____ () C:\Documents and Settings\Deborah\Application Data\wklnhst.dat
2014-09-23 12:03 - 2012-05-08 11:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 11:34 - 2009-09-22 16:39 - 00000000 ____D () C:\Program Files\SpeedFan
2014-09-18 16:29 - 2009-02-11 10:36 - 00192561 _____ () C:\WINDOWS\setupact.log
2014-09-17 12:31 - 2013-11-06 14:13 - 00000000 ____D () C:\Documents and Settings\Deborah\Tracing
2014-09-17 10:25 - 2009-02-11 17:29 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-15 18:39 - 2009-02-12 12:55 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-15 18:33 - 2013-03-23 12:38 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\1234DESKTOP MAR 22 2013
2014-09-15 09:06 - 2009-10-16 16:35 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-11 17:54 - 2013-07-24 17:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 17:33 - 2009-02-11 17:04 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 16:52 - 2013-02-26 13:47 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\2013 WorkPapers
2014-09-11 16:48 - 2014-04-14 16:50 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\2014WorkPapers
2014-09-08 15:00 - 2014-03-11 10:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-05 08:50 - 2009-02-12 12:47 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\NewHireInfo
2014-08-26 10:36 - 2011-12-08 14:59 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\Bern.NewAdvisor

Some content of TEMP:
====================
C:\Documents and Settings\Deborah\Local Settings\temp\oi_{5838660A-53D9-4408-8A64-36152C86F421}.exe
C:\Documents and Settings\Deborah\Local Settings\temp\sfamcc00001.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Deborah at 2014-09-25 21:38:04
Running from C:\Documents and Settings\Deborah\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
BlackBerry App World Browser Plugin (HKLM\...\{7C3911B4-3763-4037-B37E-8D7A305967B8}) (Version: 3.1.3.6 - Research In Motion Limited)
BlackBerry Desktop Software 5.0.1 (HKLM\...\BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}) (Version: 5.0.1.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.37 - Research In Motion Ltd.) Hidden
BlackBerry® Media Sync (HKLM\...\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}) (Version: 2.0.28 - Research In Motion)
Blu Dot Clock (HKLM\...\Clock 1.0) (Version: 1.0 - Blu Dot)
Bullzip PDF Printer 6.0.0.766 (HKLM\...\Bullzip PDF Printer_is1) (Version: - Bullzip)
Carbonite Online Backup Setup (HKLM\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
Duplicate Finder 2009 v2.4 (HKLM\...\Duplicate Finder 2009_is1) (Version: - Ashisoft)
Easy Duplicate Finder v. 3.0 (HKLM\...\Easy Duplicate Finder_is1) (Version: - WebMinds, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Free Disk Analyzer (HKLM\...\Free Disk Analyzer) (Version: 1.0.1.22 - Extensoft)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GoogleToolBar (HKCU\...\GoogleToolBar) (Version: - Gaby de Wilde)
GoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)
GoToMyPC (HKLM\...\{5FAB6702-2810-4C95-9840-876C2D6D12A5}) (Version: 8.1.1337 - Citrix Online)
GPL Ghostscript Lite 8.63 (HKLM\...\GPL Ghostscript Lite_is1) (Version: - )
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
hp LaserJet-all-in-one (HKLM\...\hp LaserJet-all-in-one) (Version: - hp)
Intel® 536EP Modem (HKLM\...\Intel® 536EP Modem) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
LaserAIO (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxtor Backup (HKLM\...\InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}) (Version: 1.00.0040 - Maxtor)
Maxtor Backup (Version: 1.00.0040 - Maxtor) Hidden
Maxtor OneTouch III (HKLM\...\InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}) (Version: 3.02.0060 - Maxtor)
Maxtor OneTouch III (Version: 3.02.0060 - Maxtor) Hidden
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM\...\Works2005Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (2.0.0.21) (HKLM\...\Mozilla Thunderbird (2.0.0.21)) (Version: 2.0.0.21 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Network Recording Player (HKLM\...\{B74F2CE0-4E8A-44DD-B542-888D7E2A22F1}) (Version: 2.23.2511 - Cisco WebEx LLC)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Peachtree Business Analytics (HKLM\...\{7AFCA760-E2DD-40C2-B03A-EEF03AA3197F}) (Version: 2008.0.3.1823 - Sage Software Inc.)
Peachtree Complete Accounting 2010 (HKLM\...\Peachtree Complete Accounting) (Version: - ) PeachTree Signature Ready Forms (Version: 6.11.1 - Sage Software SB, Inc.) Hidden Pervasive PSQL v11 Workgroup (32-bit) (Version: 11.30.057 - Pervasive Software) Hidden Pervasive PSQL v11 Workgroup (32-bit) SP3 (HKLM\...\Pervasive PSQL v11 Workgroup (32-bit)) (Version: 11.30.057 - Pervasive Software) Pervasive Software PSQL v9.1 Client (HKLM\...\Pervasive Software PSQL v9.1 Workgroup_is1) (Version: - Pervasive Software) Pervasive System Analyzer v9.1 (HKLM\...\Pervasive System Analyzer_is1) (Version: - Pervasive Software) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Sage 50 Accounting 2014 (HKLM\...\InstallShield_{D2ADA6F5-F155-4A37-87CA-599E81F6C6C0}) (Version: 21.02.00 - Sage Software, Inc.) Sage 50 Accounting 2014 (Version: 21.02.00 - Sage Software, Inc.) Hidden Sage 50 Accounting Tax Forms (Version: 12.4.15 - Sage Software SB, Inc.) Hidden Sage Download Manager (HKCU\...\2f8d25aeed0b3ae4) (Version: 1.0.0.9 - Sage) Sage Message Center (Version: 2.00.0000 - Sage Software Inc.) 
Hidden Sage Software Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology) SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{AAD476D7-FC64-40BC-85EA-0C1FD98D8375}) (Version: 13.0.3.612 - SAP) Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.2 - Seagate Technology) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Spotify (HKLM\...\Spotify) (Version: 0.5.2 - ) Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.053 - The New York Times Company) Times Reader (Version: 2.053 - The New York Times Company) Hidden Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft 
Corporation) Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update for 
Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebEx Event Manager for Firefox or Chrome (HKLM\...\{72D5CE45-485E-477F-A4BD-B9BB0BCFFFF4}) (Version: 28.12.1.16851 - Cisco WebEx LLC) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation) Windows Driver Package - Citrix Systems monblanking Citrix Driver (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) 
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden XMLinst (HKLM\...\{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}) (Version: 1.0.0.0 - Intel Corporation) ZoneAlarm Spy Blocker (HKLM\...\ZoneAlarmSB Uninstall) (Version: - ZoneAlarm) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 9 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.2.183.23\goopdate. (the data entry has 11 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 9 more characters). 
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 9 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 9 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 9 more characters). 
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll (the data entry has 7 more characters). ==================== Restore Points ========================= 30-06-2014 15:32:59 System Checkpoint 01-07-2014 17:12:16 System Checkpoint 02-07-2014 22:15:11 Installed Sage 50 Payroll Solutions Update 07-07-2014 18:28:38 System Checkpoint 09-07-2014 17:22:22 System Checkpoint 09-07-2014 22:58:13 Software Distribution Service 3.0 11-07-2014 22:30:34 System Checkpoint 14-07-2014 16:55:32 System Checkpoint 15-07-2014 18:01:07 System Checkpoint 17-07-2014 15:28:59 System Checkpoint 18-07-2014 16:00:37 System Checkpoint 18-07-2014 21:34:41 Installed GoToMyPC 19-07-2014 22:04:56 System Checkpoint 20-07-2014 22:05:40 System Checkpoint 22-07-2014 15:59:03 System Checkpoint 23-07-2014 19:22:56 System Checkpoint 24-07-2014 19:56:28 System Checkpoint 25-07-2014 15:38:47 Installed Sage 50 Payroll Solutions Update 26-07-2014 16:28:16 System Checkpoint 27-07-2014 17:16:16 System Checkpoint 28-07-2014 20:30:36 System Checkpoint 29-07-2014 20:44:50 System Checkpoint 31-07-2014 12:40:39 System Checkpoint 01-08-2014 13:37:09 System Checkpoint 01-08-2014 14:21:28 Installed AVG 2014 01-08-2014 14:28:22 Removed AVG 2014 02-08-2014 15:07:15 System Checkpoint 03-08-2014 15:19:17 System Checkpoint 04-08-2014 16:19:16 System Checkpoint 05-08-2014 22:19:10 System Checkpoint 07-08-2014 14:49:23 System Checkpoint 08-08-2014 20:10:26 System Checkpoint 09-08-2014 21:21:25 System Checkpoint 10-08-2014 22:21:22 System Checkpoint 12-08-2014 16:40:57 System 
Checkpoint 13-08-2014 19:41:04 System Checkpoint 13-08-2014 23:17:26 Software Distribution Service 3.0 15-08-2014 14:45:37 System Checkpoint 16-08-2014 15:51:54 System Checkpoint 17-08-2014 16:25:09 System Checkpoint 18-08-2014 16:39:15 System Checkpoint 19-08-2014 22:55:25 System Checkpoint 21-08-2014 17:07:32 System Checkpoint 22-08-2014 18:27:17 System Checkpoint 23-08-2014 18:39:14 System Checkpoint 24-08-2014 18:53:46 System Checkpoint 26-08-2014 00:43:42 System Checkpoint 27-08-2014 00:54:39 System Checkpoint 28-08-2014 15:55:01 System Checkpoint 29-08-2014 23:43:36 System Checkpoint 31-08-2014 00:57:44 System Checkpoint 01-09-2014 01:09:44 System Checkpoint 02-09-2014 01:10:15 System Checkpoint 03-09-2014 01:58:17 System Checkpoint 04-09-2014 20:32:59 System Checkpoint 05-09-2014 22:22:21 System Checkpoint 06-09-2014 22:52:45 System Checkpoint 08-09-2014 17:06:46 System Checkpoint 10-09-2014 19:14:16 System Checkpoint 11-09-2014 21:33:11 Software Distribution Service 3.0 13-09-2014 00:07:33 System Checkpoint 14-09-2014 00:30:56 System Checkpoint 15-09-2014 01:06:56 System Checkpoint 16-09-2014 17:52:43 System Checkpoint 17-09-2014 20:45:03 System Checkpoint 19-09-2014 23:39:52 System Checkpoint 21-09-2014 00:32:33 System Checkpoint 22-09-2014 01:09:02 System Checkpoint 23-09-2014 17:43:44 System Checkpoint 24-09-2014 03:39:35 Removed Jungle Disk Desktop 25-09-2014 22:44:14 Removed AVG 2014 25-09-2014 22:46:31 Removed AVG 2014 25-09-2014 23:17:14 Software Distribution Service 3.0 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-02-13 10:41 - 2013-03-27 11:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Citrix\GoToMeeting\1694\g2mupdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe ==================== Loaded Modules (whitelisted) ============= 2009-03-18 17:37 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll 2002-05-03 17:40 - 2002-05-03 17:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll 2014-08-26 20:15 - 2014-08-12 12:10 - 02775576 _____ () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe 2014-04-18 14:55 - 2014-04-09 03:48 - 02707480 _____ () C:\Documents and Settings\All Users\Application 
Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe 2006-02-15 10:56 - 2006-02-15 10:56 - 00184320 _____ () C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Jungle Disk Desktop.lnk => C:\WINDOWS\pss\Jungle Disk Desktop.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^Deborah^Start Menu^Programs^Startup^Seagate 2GE6F6FJ Product Registration.lnk => C:\WINDOWS\pss\Seagate 2GE6F6FJ Product Registration.lnkStartup MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe 
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RIMDeviceManager => "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide MSCONFIG\startupreg: WinPatrol => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot MSCONFIG\startupreg: ZoneAlarm Client => "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-515967899-1214440339-1606980848-500 -> Administrator - Enabled - Status: OK) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-515967899-1214440339-1606980848-1004 -> Limited - Enabled - Status: OK) Deborah (S-1-5-21-515967899-1214440339-1606980848-1003 -> Administrator - Enabled - Status: OK) => %SystemDrive%\Documents and Settings\Deborah Guest (S-1-5-21-515967899-1214440339-1606980848-501 -> Limited - Disabled - Status: Degraded) HelpAssistant (S-1-5-21-515967899-1214440339-1606980848-1000 -> Limited - Disabled - Status: Degraded) SUPPORT_388945a0 (S-1-5-21-515967899-1214440339-1606980848-1002 -> Limited - Disabled - Status: Degraded) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2014 09:30:43 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service. Server performance data will not be returned. 
Error code returned is in data DWORD 0. Error: (09/24/2014 07:23:52 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error: (09/24/2014 02:00:55 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error: (09/23/2014 11:42:34 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error: (09/23/2014 06:54:25 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Error: (09/23/2014 00:04:08 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. System errors: ============= Error: (09/25/2014 06:56:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (09/25/2014 06:52:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (09/25/2014 06:49:18 PM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal. Error: (09/25/2014 06:49:17 PM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal. 
Error: (09/25/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1053 Error: (09/25/2014 05:07:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (09/25/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect. Error: (09/25/2014 09:31:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (09/24/2014 07:25:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (09/24/2014 07:24:44 PM) (Source: System Error) (EventID: 1003) (User: ) Description: Error code 10000050, parameter1 80000071, parameter2 00000000, parameter3 804f2989, parameter4 00000000. 
Microsoft Office Sessions: ========================= Error: (09/25/2014 09:30:43 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/24/2014 07:23:52 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/24/2014 02:00:55 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/23/2014 11:42:34 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/23/2014 06:54:25 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/23/2014 00:04:08 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: ==================== Memory info =========================== Processor: Intel® Pentium® 4 CPU 3.00GHz Percentage of memory in use: 68% Total physical RAM: 1014.73 MB Available physical RAM: 318.67 MB Total Pagefile: 2443.61 MB Available Pagefile: 1602.61 MB Total Virtual: 2047.88 MB Available Virtual: 1936.49 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.3 GB) (Free:107.44 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 4F08A268) Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  16. As requested, (FRST.txt) and (Addition.txt) in attached zip file Thanks Deb Frst.txt add.txt 9.24.zip
  17. Below is log from Event Viewer after running chkdsk

      Checking file system on C:
      The type of the file system is NTFS.
      A disk check has been scheduled.
      Windows will now check the disk.
      Cleaning up instance tags for file 0x1108d.
      Cleaning up minor inconsistencies on the drive.
      Cleaning up 5285 unused index entries from index $SII of file 0x9.
      Cleaning up 5285 unused index entries from index $SDH of file 0x9.
      Cleaning up 5285 unused security descriptors.
      CHKDSK is verifying Usn Journal...
      Usn Journal verification completed.
      CHKDSK is verifying file data (stage 4 of 5)...
      File data verification completed.
      CHKDSK is verifying free space (stage 5 of 5)...
      Free space verification is complete.
      Windows has made corrections to the file system.

      195350368 KB total disk space.
      82163140 KB in 139099 files.
      99244 KB in 11928 indexes.
      0 KB in bad sectors.
      284704 KB in use by the system.
      65536 KB occupied by the log file.
      112803280 KB available on disk.

      4096 bytes in each allocation unit.
      48837592 total allocation units on disk.
      28200820 allocation units available on disk.

      Windows has finished checking your disk.
      Please wait while your computer restarts.

      For more information, see Help and Support Center at
  18. I am running Windows XP. Can you still help me? I think I know how to run chkdsk from command prompt, but if you have instructions I would appreciate it. Thank you
  19. As requested, I have posted in Malware Removal forum a new topic. thank you
  20. Ron: I have moved my post to this area as requested and started new topic. If you'd like me to assist you further with this myself then please say so in your new topic. Yes, please! I've copied your last post below from: https://forums.malwarebytes.org/index.php?/topic/157397-bsod-mbamswissarmysys-file/ Thank you Deb The logs indicate that the computer is either currently infected or is suffering damage that was more than likely done by a previous infection. As we cannot work on malware removal or clean up in this sub-section of the forum I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue. If you'd like me to assist you further with this myself then please say so in your new topic. Thank you Ron Lewis
  21. Hi, Second BSOD last night during scanning, file referenced is: mbamswissarmy.sys. I have attached the three diagnostic logs as requested - thank you in advance for your help. Deb