Posts posted by Deborahhh
-
HI T.H.E.
My computer is working ok--
-
I am attaching two fixlog.txt files.
The first I ran incorrectly WITHOUT the fixlist.txt file in the same location (oops!)
and the second was run correctly.
Thanks!
-
-
Hi
I had a blue screen today which references file: MBAM Swissarmy.sys
(see attached .jpg)
I was able to restart the machine and run MBAM - no infection found.
A few days ago, MBAM's Malicious Website Protection was mysteriously "disabled" , and I was
UNABLE to enable it. I rebooted the machine and was able to enable it and it is enabled now.
Please advise
Thanks in advance
Deborah
-
*rootkit_ssdt_hook
Hi
AVG detected rootkit_sskt_hook and cannot remove it. Malwarebytes rootkit scan comes up clean. Running Win 7
Please advise
Thank you for your advice.
Deborah
-
HI Ron
I said: The software manager for the hard drive has an erase/reformat function.( I am ok with losing the files)
Are you really sure you want to do that? Any documents, Pictures, videos, mail, etc will be gone and you won't be able to recover the data.
I thought it easier than going thru the cleaning process like we did on PC--the data is a back up of my PC and I'm ok backing up again to reformatted clean external drive. I was concerned if it was "safe" to do so at this point-I did not want to risk reinfecting my clean machine connecting the infected external drive
Not sure what you mean about Software Manager. You should be able to open My Computer and then highlight the drive you want to format and right click and chose FORMAT
Here is link to instructions to erase/reformat: http://knowledge.seagate.com/articles/en_US/FAQ/199863en
Again, thanks for your help-I hope to have an updated 0/S on a new machine up and running soon- you are right this computer has run its course :-)
Deb
-
Ron
Thanks for the help in cleaning my machine! I've removed all the tools/logs and read thru your recommendations. One last question:
The external hard drive wound up being infected most likely with the same virus that infected PC (I left MBAM scanning external hard drive last night and when I came in this morning there was blue screen due to MBAM swissarmy file.)
The software manager for the hard drive has an erase/reformat function.( I am ok with losing the files)
Is it safe to erase/reformat the infected external drive from my "clean" machine utilizing the software manager?
Thanks in advance for your advice
-
Ron
My computer was working fine today ---only item to note is the CPU usage goes very high and then low during scan. Other than that machine is very zippy
Currently I am scanning external hard drive back up w/ MBAM and that is only app open-usage goes to 100% to 55% to 19% and bounces back up and down again.
I scanned with AVG earlier and it found a few things. Do you have any other suggestions to clean external hard drive before I back up my newly cleaned machine? Maybe I should just reformat this thing to be on safe side?
Thank you
-
P.S. I do not use Thunderbird and have uninstalled it.
-
Ron:
Ran browser resets, and security check log is below.
Things seem normal now-- will report back later tonite after using computer today.
Thanks
Results of screen317's Security Check version 0.99.87
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
ZoneAlarm Spy Blocker
Windows Defender
Adobe Reader XI
Mozilla Firefox (32.0.3)
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Ruiware WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
-
Hi Ron
The computer is running ok-no blue screens-however only problem is Explorer crashing sometimes--is there any info I can forward (event viewer?) for your review with regard to this problem?
Below is log latest MBAM scan -
Thank you
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/1/2014
Scan Time: 2:40:51 AM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.01.02
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Deborah
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332864
Time Elapsed: 20 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Ron:
Sorry for the delay- I have run all the fixes you requested. JavaRa 1.16 Removal Log is Post #14 Sept 26 above
I ran TFC and FRST
Is it normal for one of these programs to remove my saved passwords?(ie, my gmail log on and mbam log on were cleared)
Below is the Fixlog.txt
thanks again for your review and help with this.
Deb
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2014
Ran by Deborah at 2014-09-29 15:49:01 Run:1
Running from C:\Documents and Settings\Deborah\Desktop
Loaded Profile: Deborah (Available profiles: Deborah & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
EmptyTemp:
Reboot:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key not found.
"HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully.
"HKCR\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => Key deleted successfully.
"HKCR\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => Key deleted successfully.
C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => Moved successfully.
C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => Moved successfully.
C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
C:\WINDOWS\Tasks\MP Scheduled Scan.job not found.
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully.
EmptyTemp: => Removed 110.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
-
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Sep 26 22:21:37 2014
Found and removed: C:\Documents and Settings\Deborah\Application Data\Sun\Java\jre1.6.0_12
Found and removed: C:\Documents and Settings\Deborah\Application Data\Sun\Java\jre1.7.0_04
Found and removed: Applications\java.exe
Found and removed: Applications\javaw.exe
Found and removed: Software\Classes\JavaPlugin.160_14
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Sep 26 22:21:51 2014
------------------------------------
Finished reporting.
-
Please ignore the above message..I have add/remove programs back in control panel :-)
I will post back
-
Please go into Control Panel, Add/Remove and uninstall ALL versions of Java
My Add or Remove Programs is an empty blank space.
http://support2.microsoft.com/kb/266668#FixItForMeAlways
I tried the 'fix it' tool at link above and no change.
I tried REGSVR32 APPWIZ.CPL at command prompt and received this message: "DLLREGISTERSERVER in appwiz.cpl succeeded". However, the problem remains even with reboot.
I thought it best to post before trying any other fixes to get add/remove programs in control panel back.
Thank you
-
Hi Ron
As requested, MBAM application log, FRST and Additions logs copied below.
AVG scan is clean.
thanks
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/25/2014
Scan Time: 6:58:57 PM
Logfile: MBAM Application log 9.25.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.25.10
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Deborah
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341596
Time Elapsed: 52 min, 49 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by Deborah (administrator) on HOME-54822832EF on 25-09-2014 21:34:57
Running from C:\Documents and Settings\Deborah\Desktop
Loaded Profile: Deborah (Available profiles: Deborah & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
() C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Maxtor Corporation) C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
(Maxtor Corp.) C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
() C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2printh.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [320816 2013-11-07] (Sage Software, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [MaxtorOneTouch] => C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [712704 2006-03-27] (Maxtor Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [mxomssmenu] => C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [81920 2005-10-17] (Maxtor Corp.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-515967899-1214440339-1606980848-1003\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Documents and Settings\Deborah\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2707480 2014-04-09] ()
HKU\S-1-5-21-515967899-1214440339-1606980848-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Deborah\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default
FF Homepage: hxxp://www.smbiz.com/|about:newtab
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\atgpcdec.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\atgpcext.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ptexmeet.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Deborah\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\https-everywhere@eff.org [2014-09-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-08-12]
FF Extension: Delicious Bookmarks - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-22]
FF Extension: WOT - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-29]
FF Extension: Personas Plus - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\personas@christopher.beard.xpi [2013-03-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-25]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-19]
Chrome:
=======
CHR HomePage: Default -> hxxp://mail.google.com/mail/?um=1&hl=en&shva=1#inbox
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-19]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( ) [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [436040 2013-01-08] (Pervasive Software Inc.)
S3 Sage 50 SmartPosting 2014; C:\Program Files\Sage Software\Peachtree\SmartPostingService2014.exe [335664 2013-11-07] (Sage Software, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 IntelS51; C:\WINDOWS\System32\DRIVERS\IntelS51.sys [1903338 2004-12-10] (Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-25] (Malwarebytes Corporation)
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
S3 MXOPSWD; C:\WINDOWS\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2004-06-06] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 21:34 - 2014-09-25 21:36 - 00036204 _____ () C:\Documents and Settings\Deborah\Desktop\FRST.txt
2014-09-25 21:34 - 2014-09-25 21:34 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\FRST-OlderVersion
2014-09-25 10:12 - 2014-09-25 21:33 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\Sept 25 mb help
2014-09-24 19:23 - 2014-09-24 19:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092414-01.dmp
2014-09-24 12:07 - 2014-09-24 12:07 - 00018142 _____ () C:\Documents and Settings\Deborah\Desktop\Frst.txt add.txt 9.24.zip
2014-09-24 12:05 - 2014-09-24 12:07 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\Frst.txt add.txt 9.24.14
2014-09-22 16:40 - 2014-09-22 16:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 16:29 - 2014-09-22 16:29 - 00029289 _____ () C:\Documents and Settings\Deborah\Desktop\DiagnosticLogs9.22.zip
2014-09-22 16:28 - 2014-09-22 16:28 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\DiagnosticLogs9.22.14
2014-09-22 16:09 - 2014-09-25 21:35 - 00000000 ____D () C:\FRST
2014-09-22 15:09 - 2014-09-25 18:53 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\New Folder
2014-09-22 15:09 - 2014-09-22 15:09 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Deborah\Desktop\mbam-check-2.1.1.1001.exe
2014-09-22 11:56 - 2014-09-25 21:34 - 01100288 _____ (Farbar) C:\Documents and Settings\Deborah\Desktop\FRST.exe
2014-09-22 10:45 - 2014-09-22 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092214-01.dmp
2014-09-19 18:26 - 2014-09-25 18:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 18:26 - 2014-09-19 18:26 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 18:26 - 2014-09-19 18:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-19 18:26 - 2014-09-19 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 18:26 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 18:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-19 11:24 - 2014-09-19 11:24 - 00000000 ___HD () C:\WINDOWS\PIF
2014-09-18 10:06 - 2014-09-18 10:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini091814-01.dmp
2014-09-17 17:07 - 2014-09-17 17:07 - 02363888 _____ () C:\Documents and Settings\Deborah\My Documents\Scan14-09-17 1615.tif
2014-09-16 18:29 - 2014-09-16 18:29 - 00134796 _____ () C:\Documents and Settings\Deborah\My Documents\INV 64 tkts.tif
2014-09-08 19:26 - 2014-09-08 19:26 - 00045056 _____ () C:\A&A COGS analysis2012 vs 2013 dated 9.8.14.xls
2014-08-26 20:15 - 2014-09-25 18:55 - 00000596 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job
2014-08-26 20:15 - 2014-08-26 20:16 - 00000000 ____D () C:\Documents and Settings\Deborah\Application Data\Avg_Update_0814av
2014-08-26 20:15 - 2014-08-26 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av
2014-08-26 09:32 - 2014-09-25 18:56 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 21:36 - 2013-03-27 11:48 - 00000000 ____D () C:\Documents and Settings\Deborah\Local Settings\temp
2014-09-25 21:36 - 2009-02-20 13:27 - 01687829 _____ () C:\WINDOWS\pfirewall.log
2014-09-25 20:46 - 2009-07-01 10:33 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job
2014-09-25 20:44 - 2014-02-21 13:02 - 00000518 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job
2014-09-25 20:07 - 2013-03-27 11:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-25 19:20 - 2009-02-11 15:46 - 01574136 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-25 19:19 - 2009-08-26 10:38 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-09-25 18:56 - 2014-01-17 19:58 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job
2014-09-25 18:56 - 2008-04-14 08:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-25 18:55 - 2014-04-18 14:55 - 00000590 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job
2014-09-25 18:55 - 2014-03-11 10:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-25 18:55 - 2009-02-11 10:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-25 18:55 - 2009-02-11 10:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-25 18:54 - 2009-02-11 15:52 - 00000178 ___SH () C:\Documents and Settings\Deborah\ntuser.ini
2014-09-25 18:54 - 2009-02-11 15:50 - 00032410 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-25 18:54 - 2009-02-11 15:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-25 18:50 - 2013-09-11 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-25 18:50 - 2009-02-11 17:16 - 00000000 ____D () C:\Program Files\AVG
2014-09-25 18:49 - 2013-12-11 13:46 - 00000716 _____ () C:\WINDOWS\pvsw.log
2014-09-25 18:45 - 2010-11-26 17:17 - 00422666 _____ () C:\WINDOWS\setupapi.log
2014-09-25 17:42 - 2009-03-18 17:20 - 00000000 ____D () C:\Documents and Settings\Deborah\Application Data\Canon
2014-09-25 14:58 - 2009-02-20 13:27 - 04194309 _____ () C:\WINDOWS\pfirewall.log.old
2014-09-25 14:46 - 2009-07-01 10:33 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job
2014-09-24 19:23 - 2010-03-17 15:58 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-24 16:07 - 2009-02-12 13:29 - 00051756 _____ () C:\Documents and Settings\Deborah\Application Data\wklnhst.dat
2014-09-23 12:03 - 2012-05-08 11:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 11:34 - 2009-09-22 16:39 - 00000000 ____D () C:\Program Files\SpeedFan
2014-09-18 16:29 - 2009-02-11 10:36 - 00192561 _____ () C:\WINDOWS\setupact.log
2014-09-17 12:31 - 2013-11-06 14:13 - 00000000 ____D () C:\Documents and Settings\Deborah\Tracing
2014-09-17 10:25 - 2009-02-11 17:29 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-15 18:39 - 2009-02-12 12:55 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-15 18:33 - 2013-03-23 12:38 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\1234DESKTOP MAR 22 2013
2014-09-15 09:06 - 2009-10-16 16:35 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-11 17:54 - 2013-07-24 17:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 17:33 - 2009-02-11 17:04 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 16:52 - 2013-02-26 13:47 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\2013 WorkPapers
2014-09-11 16:48 - 2014-04-14 16:50 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\2014WorkPapers
2014-09-08 15:00 - 2014-03-11 10:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-05 08:50 - 2009-02-12 12:47 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\NewHireInfo
2014-08-26 10:36 - 2011-12-08 14:59 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\Bern.NewAdvisor
Some content of TEMP:
====================
C:\Documents and Settings\Deborah\Local Settings\temp\oi_{5838660A-53D9-4408-8A64-36152C86F421}.exe
C:\Documents and Settings\Deborah\Local Settings\temp\sfamcc00001.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Deborah at 2014-09-25 21:38:04
Running from C:\Documents and Settings\Deborah\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
BlackBerry App World Browser Plugin (HKLM\...\{7C3911B4-3763-4037-B37E-8D7A305967B8}) (Version: 3.1.3.6 - Research In Motion Limited)
BlackBerry Desktop Software 5.0.1 (HKLM\...\BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}) (Version: 5.0.1.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.37 - Research In Motion Ltd.) Hidden
BlackBerry® Media Sync (HKLM\...\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}) (Version: 2.0.28 - Research In Motion)
Blu Dot Clock (HKLM\...\Clock 1.0) (Version: 1.0 - Blu Dot)
Bullzip PDF Printer 6.0.0.766 (HKLM\...\Bullzip PDF Printer_is1) (Version: - Bullzip)
Carbonite Online Backup Setup (HKLM\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
Duplicate Finder 2009 v2.4 (HKLM\...\Duplicate Finder 2009_is1) (Version: - Ashisoft)
Easy Duplicate Finder v. 3.0 (HKLM\...\Easy Duplicate Finder_is1) (Version: - WebMinds, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Free Disk Analyzer (HKLM\...\Free Disk Analyzer) (Version: 1.0.1.22 - Extensoft)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GoogleToolBar (HKCU\...\GoogleToolBar) (Version: - Gaby de Wilde)
GoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)
GoToMyPC (HKLM\...\{5FAB6702-2810-4C95-9840-876C2D6D12A5}) (Version: 8.1.1337 - Citrix Online)
GPL Ghostscript Lite 8.63 (HKLM\...\GPL Ghostscript Lite_is1) (Version: - )
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
hp LaserJet-all-in-one (HKLM\...\hp LaserJet-all-in-one) (Version: - hp)
Intel® 536EP Modem (HKLM\...\Intel® 536EP Modem) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
LaserAIO (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxtor Backup (HKLM\...\InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}) (Version: 1.00.0040 - Maxtor)
Maxtor Backup (Version: 1.00.0040 - Maxtor) Hidden
Maxtor OneTouch III (HKLM\...\InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}) (Version: 3.02.0060 - Maxtor)
Maxtor OneTouch III (Version: 3.02.0060 - Maxtor) Hidden
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM\...\Works2005Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (2.0.0.21) (HKLM\...\Mozilla Thunderbird (2.0.0.21)) (Version: 2.0.0.21 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Network Recording Player (HKLM\...\{B74F2CE0-4E8A-44DD-B542-888D7E2A22F1}) (Version: 2.23.2511 - Cisco WebEx LLC)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Peachtree Business Analytics (HKLM\...\{7AFCA760-E2DD-40C2-B03A-EEF03AA3197F}) (Version: 2008.0.3.1823 - Sage Software Inc.)
Peachtree Complete Accounting 2010 (HKLM\...\Peachtree Complete Accounting) (Version: - )
PeachTree Signature Ready Forms (Version: 6.11.1 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v11 Workgroup (32-bit) (Version: 11.30.057 - Pervasive Software) Hidden
Pervasive PSQL v11 Workgroup (32-bit) SP3 (HKLM\...\Pervasive PSQL v11 Workgroup (32-bit)) (Version: 11.30.057 - Pervasive Software)
Pervasive Software PSQL v9.1 Client (HKLM\...\Pervasive Software PSQL v9.1 Workgroup_is1) (Version: - Pervasive Software)
Pervasive System Analyzer v9.1 (HKLM\...\Pervasive System Analyzer_is1) (Version: - Pervasive Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sage 50 Accounting 2014 (HKLM\...\InstallShield_{D2ADA6F5-F155-4A37-87CA-599E81F6C6C0}) (Version: 21.02.00 - Sage Software, Inc.)
Sage 50 Accounting 2014 (Version: 21.02.00 - Sage Software, Inc.) Hidden
Sage 50 Accounting Tax Forms (Version: 12.4.15 - Sage Software SB, Inc.) Hidden
Sage Download Manager (HKCU\...\2f8d25aeed0b3ae4) (Version: 1.0.0.9 - Sage)
Sage Message Center (Version: 2.00.0000 - Sage Software Inc.) Hidden
Sage Software Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{AAD476D7-FC64-40BC-85EA-0C1FD98D8375}) (Version: 13.0.3.612 - SAP)
Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.2 - Seagate Technology)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.053 - The New York Times Company)
Times Reader (Version: 2.053 - The New York Times Company) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx Event Manager for Firefox or Chrome (HKLM\...\{72D5CE45-485E-477F-A4BD-B9BB0BCFFFF4}) (Version: 28.12.1.16851 - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Driver Package - Citrix Systems monblanking Citrix Driver (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
XMLinst (HKLM\...\{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}) (Version: 1.0.0.0 - Intel Corporation)
ZoneAlarm Spy Blocker (HKLM\...\ZoneAlarmSB Uninstall) (Version: - ZoneAlarm)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.2.183.23\goopdate. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll (the data entry has 7 more characters).
==================== Restore Points =========================
30-06-2014 15:32:59 System Checkpoint
01-07-2014 17:12:16 System Checkpoint
02-07-2014 22:15:11 Installed Sage 50 Payroll Solutions Update
07-07-2014 18:28:38 System Checkpoint
09-07-2014 17:22:22 System Checkpoint
09-07-2014 22:58:13 Software Distribution Service 3.0
11-07-2014 22:30:34 System Checkpoint
14-07-2014 16:55:32 System Checkpoint
15-07-2014 18:01:07 System Checkpoint
17-07-2014 15:28:59 System Checkpoint
18-07-2014 16:00:37 System Checkpoint
18-07-2014 21:34:41 Installed GoToMyPC
19-07-2014 22:04:56 System Checkpoint
20-07-2014 22:05:40 System Checkpoint
22-07-2014 15:59:03 System Checkpoint
23-07-2014 19:22:56 System Checkpoint
24-07-2014 19:56:28 System Checkpoint
25-07-2014 15:38:47 Installed Sage 50 Payroll Solutions Update
26-07-2014 16:28:16 System Checkpoint
27-07-2014 17:16:16 System Checkpoint
28-07-2014 20:30:36 System Checkpoint
29-07-2014 20:44:50 System Checkpoint
31-07-2014 12:40:39 System Checkpoint
01-08-2014 13:37:09 System Checkpoint
01-08-2014 14:21:28 Installed AVG 2014
01-08-2014 14:28:22 Removed AVG 2014
02-08-2014 15:07:15 System Checkpoint
03-08-2014 15:19:17 System Checkpoint
04-08-2014 16:19:16 System Checkpoint
05-08-2014 22:19:10 System Checkpoint
07-08-2014 14:49:23 System Checkpoint
08-08-2014 20:10:26 System Checkpoint
09-08-2014 21:21:25 System Checkpoint
10-08-2014 22:21:22 System Checkpoint
12-08-2014 16:40:57 System Checkpoint
13-08-2014 19:41:04 System Checkpoint
13-08-2014 23:17:26 Software Distribution Service 3.0
15-08-2014 14:45:37 System Checkpoint
16-08-2014 15:51:54 System Checkpoint
17-08-2014 16:25:09 System Checkpoint
18-08-2014 16:39:15 System Checkpoint
19-08-2014 22:55:25 System Checkpoint
21-08-2014 17:07:32 System Checkpoint
22-08-2014 18:27:17 System Checkpoint
23-08-2014 18:39:14 System Checkpoint
24-08-2014 18:53:46 System Checkpoint
26-08-2014 00:43:42 System Checkpoint
27-08-2014 00:54:39 System Checkpoint
28-08-2014 15:55:01 System Checkpoint
29-08-2014 23:43:36 System Checkpoint
31-08-2014 00:57:44 System Checkpoint
01-09-2014 01:09:44 System Checkpoint
02-09-2014 01:10:15 System Checkpoint
03-09-2014 01:58:17 System Checkpoint
04-09-2014 20:32:59 System Checkpoint
05-09-2014 22:22:21 System Checkpoint
06-09-2014 22:52:45 System Checkpoint
08-09-2014 17:06:46 System Checkpoint
10-09-2014 19:14:16 System Checkpoint
11-09-2014 21:33:11 Software Distribution Service 3.0
13-09-2014 00:07:33 System Checkpoint
14-09-2014 00:30:56 System Checkpoint
15-09-2014 01:06:56 System Checkpoint
16-09-2014 17:52:43 System Checkpoint
17-09-2014 20:45:03 System Checkpoint
19-09-2014 23:39:52 System Checkpoint
21-09-2014 00:32:33 System Checkpoint
22-09-2014 01:09:02 System Checkpoint
23-09-2014 17:43:44 System Checkpoint
24-09-2014 03:39:35 Removed Jungle Disk Desktop
25-09-2014 22:44:14 Removed AVG 2014
25-09-2014 22:46:31 Removed AVG 2014
25-09-2014 23:17:14 Software Distribution Service 3.0
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-02-13 10:41 - 2013-03-27 11:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
==================== Loaded Modules (whitelisted) =============
2009-03-18 17:37 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2002-05-03 17:40 - 2002-05-03 17:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2014-08-26 20:15 - 2014-08-12 12:10 - 02775576 _____ () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
2014-04-18 14:55 - 2014-04-09 03:48 - 02707480 _____ () C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
2006-02-15 10:56 - 2006-02-15 10:56 - 00184320 _____ () C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Jungle Disk Desktop.lnk => C:\WINDOWS\pss\Jungle Disk Desktop.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Deborah^Start Menu^Programs^Startup^Seagate 2GE6F6FJ Product Registration.lnk => C:\WINDOWS\pss\Seagate 2GE6F6FJ Product Registration.lnkStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RIMDeviceManager => "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide
MSCONFIG\startupreg: WinPatrol => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: ZoneAlarm Client => "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-515967899-1214440339-1606980848-500 -> Administrator - Enabled - Status: OK) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-1214440339-1606980848-1004 -> Limited - Enabled - Status: OK)
Deborah (S-1-5-21-515967899-1214440339-1606980848-1003 -> Administrator - Enabled - Status: OK) => %SystemDrive%\Documents and Settings\Deborah
Guest (S-1-5-21-515967899-1214440339-1606980848-501 -> Limited - Disabled - Status: Degraded)
HelpAssistant (S-1-5-21-515967899-1214440339-1606980848-1000 -> Limited - Disabled - Status: Degraded)
SUPPORT_388945a0 (S-1-5-21-515967899-1214440339-1606980848-1002 -> Limited - Disabled - Status: Degraded)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/25/2014 09:30:43 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (09/24/2014 07:23:52 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (09/24/2014 02:00:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (09/23/2014 11:42:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (09/23/2014 06:54:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (09/23/2014 00:04:08 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
System errors:
=============
Error: (09/25/2014 06:56:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (09/25/2014 06:52:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (09/25/2014 06:49:18 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal.
Error: (09/25/2014 06:49:17 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal.
Error: (09/25/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (09/25/2014 05:07:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/25/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
Error: (09/25/2014 09:31:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (09/24/2014 07:25:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (09/24/2014 07:24:44 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 80000071, parameter2 00000000, parameter3 804f2989, parameter4 00000000.
Microsoft Office Sessions:
=========================
Error: (09/25/2014 09:30:43 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (09/24/2014 07:23:52 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (09/24/2014 02:00:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (09/23/2014 11:42:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (09/23/2014 06:54:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (09/23/2014 00:04:08 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 68%
Total physical RAM: 1014.73 MB
Available physical RAM: 318.67 MB
Total Pagefile: 2443.61 MB
Available Pagefile: 1602.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.49 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:186.3 GB) (Free:107.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 4F08A268)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
-
Below is log from Event Viewer after running chkdsk
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up instance tags for file 0x1108d.
Cleaning up minor inconsistencies on the drive.
Cleaning up 5285 unused index entries from index $SII of file 0x9.
Cleaning up 5285 unused index entries from index $SDH of file 0x9.
Cleaning up 5285 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Windows has made corrections to the file system.
195350368 KB total disk space.
82163140 KB in 139099 files.
99244 KB in 11928 indexes.
0 KB in bad sectors.
284704 KB in use by the system.
65536 KB occupied by the log file.
112803280 KB available on disk.
4096 bytes in each allocation unit.
48837592 total allocation units on disk.
28200820 allocation units available on disk.
Internal Info:
Windows has finished checking your disk.
Please wait while your computer restarts.
For more information, see Help and Support Center at -
I am running Windows XP. Can you still help me?
I think I know how to run chkdsk from command prompt- but if you
have instructions I would appreciate it.
Thank you
-
As requested, I have posted in Malware Removal forum a new topic.
thank you
-
Ron:
I have moved my post to this area as requested and started a new topic.
If you'd like me to assist you further with this myself then please say so in your new topic.
Yes, please! I've copied your last post below from: https://forums.malwarebytes.org/index.php?/topic/157397-bsod-mbamswissarmysys-file/
Thank you
Deb
The logs indicate that the computer is either currently infected or is suffering damage that was more than likely done by a previous infection.
Application errors:
==================
Error: (09/22/2014 03:55:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (09/22/2014 03:30:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01460fef.
Processing media-specific event for [explorer.exe!ws!]
As we cannot work on malware removal or clean up in this sub-section of the forum I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
If you'd like me to assist you further with this myself then please say so in your new topic.
Thank you
Ron Lewis
-
Please see attached zip file--thanks
DiagnosticLogs9.22.zip
-
Hi,
Second BSOD last night during scanning, file referenced is: mbamswissarmy.sys.
I have attached the three diagnostic logs as requested
- thank you in advance for your help.
Deb
MBAM Swissarmy.sys file: BSOD
in Resolved Malware Removal Logs
Posted
The computer is still running ok--
Thank you for your help