Help remove SearchLock.com


  • This topic is locked
46 replies to this topic

#1 StuPedMe


Posted 04 April 2017 - 08:43 AM

WinXPro SP3

Cannot find if 32 bit or 64 bit

 

Browser:  Google Chrome / Chrome Incognito

 

SearchLock.com is NOT listed in Extensions; Not in All Programs

 

It signed me out of all Google accounts.  Afraid to redo those passwords because it says SearchLock wants to save them.

 

Please advise about which FRST version to download.

 

Thank you in advance for helping me.





#2 Jo*

  • Malware Response Team

Posted 04 April 2017 - 09:13 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 StuPedMe


Posted 04 April 2017 - 09:47 AM

There may be long-ish delays, up to 1 hour, between posting each log.    

First log.

---


 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 HijackThis 2.0.2    
 AVG Web TuneUp   
 CCleaner     
 Java 7 Update 71  
 Java version 32-bit out of Date! 
 Adobe Flash Player 23.0.0.207  
 Adobe Reader XI  
 Mozilla Firefox (43.0.1) 
 Mozilla Thunderbird 16.0.2 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#4 StuPedMe


Posted 04 April 2017 - 12:56 PM

Malwarebytes ... took forever to run.  Nothing found; no log given.



#5 StuPedMe


Posted 04 April 2017 - 01:09 PM

File #1

 

# AdwCleaner v6.045 - Logfile created 04/04/2017 at 14:05:01
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Judy - JUDY-A31D8506C2
# Running from : C:\Documents and Settings\Judy\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  vToolbarUpdater40.3.1
Service Found:  WtuSystemSupport
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Documents and Settings\All Users\Application Data\Avg_Update_0316av
Folder Found:  C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found:  C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found:  C:\Documents and Settings\All Users\Application Data\avg web tuneup
Folder Found:  C:\Program Files\Viewpoint
Folder Found:  C:\Program Files\avg web tuneup
Folder Found:  C:\Program Files\Common Files\AVG Secure Search
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\Applications\iLividSetupV1[1].exe
Key Found:  HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl
Key Found:  HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl.5
Key Found:  HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found:  HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found:  HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found:  HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found:  HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found:  HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKU\.DEFAULT\Software\AVG Secure Search
Key Found:  HKU\.DEFAULT\Software\AVG Security Toolbar
Key Found:  HKU\.DEFAULT\Software\VNT
Key Found:  HKU\.DEFAULT\Software\Auslogics
Key Found:  HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Linkey
Key Found:  HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Auslogics
Key Found:  HKU\S-1-5-18\Software\AVG Secure Search
Key Found:  HKU\S-1-5-18\Software\AVG Security Toolbar
Key Found:  HKU\S-1-5-18\Software\VNT
Key Found:  HKU\S-1-5-18\Software\Auslogics
Key Found:  HKCU\Software\Linkey
Key Found:  HKCU\Software\Auslogics
Key Found:  HKLM\SOFTWARE\MetaStream
Key Found:  HKLM\SOFTWARE\Viewpoint
Key Found:  HKLM\SOFTWARE\W3I
Key Found:  HKLM\SOFTWARE\AVG Tuneup
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found:  HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found:  HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found:  HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found:  HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found:  HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found:  HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[R0].txt - [10014 Bytes] - [04/02/2015 18:01:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [9966 Bytes] - [04/02/2015 18:11:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [6648 Bytes] - [04/04/2017 14:05:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6721 Bytes] ##########
 
 
File #2
# AdwCleaner v4.109 - Report created 04/02/2015 at 17:11:44
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Judy - JUDY-A31D8506C2
# Running from : C:\Documents and Settings\Judy\Desktop\adwcleaner_4.109.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WinterSoft
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Zynga
Folder Deleted : C:\Program Files\Sk.Enhancer
Folder Deleted : C:\DOCUME~1\Judy\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\Judy\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Judy\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Judy\Local Settings\Application Data\Linkey
Folder Deleted : C:\Documents and Settings\Judy\Application Data\Settings Manager
Folder Deleted : C:\Documents and Settings\Judy\Application Data\SkypEmoticons
Folder Deleted : C:\Documents and Settings\Judy\Start Menu\Programs\Vosteran
File Deleted : C:\WINDOWS\Uninstall.exe
File Deleted : C:\DOCUME~1\Judy\LOCALS~1\Temp\Uninstall.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_ecec6af5
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3952112A-642B-4BC8-9E07-612F7044C35C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\ilivid
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\SystemK
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v16.0.1 (en-US)
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [10014 octets] - [04/02/2015 17:01:48]
AdwCleaner[S0].txt - [9826 octets] - [04/02/2015 17:11:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9886 octets] ##########
 


#6 StuPedMe


Posted 04 April 2017 - 01:23 PM

File 1

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Judy (administrator) on JUDY-A31D8506C2 (04-04-2017 14:12:51)
Running from C:\Documents and Settings\Judy\Desktop
Loaded Profiles: Judy & Administrator (Available Profiles: Judy & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(ELANTECH Devices Corp.) C:\Program Files\Elantech\Ktp.exe
() C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
() C:\WINDOWS\system32\tsnp2std.exe
(Sonix) C:\WINDOWS\vsnp2std.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CrossLoop) C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(America Online, Inc.) C:\Program Files\Common Files\AOL\1259979935\EE\AOLHostManager.exe
() C:\Documents and Settings\Judy\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(America Online, Inc.) C:\Program Files\Common Files\AOL\1259979935\EE\AOLServiceHost.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [KTPWare] => C:\Program Files\Elantech\ktp.exe [512000 2006-06-23] (ELANTECH Devices Corp.)
HKLM\...\Run: [Sidewalker] => C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe [36864 2006-04-13] ()
HKLM\...\Run: [tsnp2std] => C:\WINDOWS\system32\tsnp2std.exe [126976 2006-03-31] ()
HKLM\...\Run: [snp2std] => C:\WINDOWS\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88204 2005-12-12] (Agere Systems)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16143872 2006-04-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1259979935\EE\AOLHostManager.exe [125528 2004-11-03] (America Online, Inc.)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [34904 2004-10-20] (America Online)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2009-12-04] (Apple Computer, Inc.)
HKLM\...\Run: [Pure Networks Port Magic] => C:\Program Files\Pure Networks\Port Magic\PortAOL.exe [99480 2004-04-05] (Pure Networks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2009-12-04] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [1941064 2016-07-18] ()
HKU\S-1-5-19\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Amazon Cloud Player] => C:\Documents and Settings\Judy\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-01-31] (Google Inc.)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\MountPoints2: {d6194be2-1d09-11e1-a195-00038a000015} - G:\RunClubSanDisk.exe
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\MountPoints2: {f4833c76-e11a-11de-be85-0016d459f640} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
HKU\S-1-5-21-1229272821-746137067-682003330-500\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-21-1229272821-746137067-682003330-500\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-03-30]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4DA64124-0CB9-48B8-809C-B2595AC3F275}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9F1ECAC8-4AF9-463F-92D3-E86F12974604}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1229272821-746137067-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: [S-1-5-21-1229272821-746137067-682003330-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3307FEB4-EBE1-40DF-B694-ADEECEC56738}&mid=b7559a003ae2dabc269ba68a5aa5a3a1-414b99eaaeb5eafa1e42050f994f2d782fba3cdc&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316av&pr=fr&d=2016-05-27 15:25:13&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3307FEB4-EBE1-40DF-B694-ADEECEC56738}&mid=b7559a003ae2dabc269ba68a5aa5a3a1-414b99eaaeb5eafa1e42050f994f2d782fba3cdc&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316av&pr=fr&d=2016-05-27 15:25:13&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-500 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-07-18] (AVG)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default [2017-04-04]
FF DefaultSearchEngine: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default -> AVG Secure Search
FF DefaultSearchEngine.US: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default -> Google
FF Homepage: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default -> about:home
FF Extension: (AVG Web TuneUp) - C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\Extensions\avg@toolbar.xpi [2016-07-18]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-23] [not signed]
FF SearchPlugin: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\searchplugins\avg-secure-search.xml [2016-07-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-31] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1229272821-746137067-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1229272821-746137067-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1229272821-746137067-682003330-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Judy\Application Data\Zoom\bin\npzoomplugin.dll [2015-11-30] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-12-04] (Apple Computer, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (ColorZilla) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-12-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-31]
CHR Extension: (TinEye Reverse Image Search) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-27]
CHR Extension: (Munchee Auto Game Bonus Collector) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoejkmpidaklcngdmkfflceeppncmhko [2015-12-03]
CHR Extension: (Do Not Disturb!) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-11-24]
CHR Extension: (Cisco WebEx Extension) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-03-28]
CHR Extension: (Grammarly for Chrome) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-03-31]
CHR Extension: (FV Extender 4 beta) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcllnphghagindkpdjodfjghgcinabik [2011-11-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 CrossLoopService; C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-22] (Oracle Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
S3 tvnserver; C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
S4 vToolbarUpdater40.3.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-27] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-07-18] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-12-04] (Windows ® 2000 DDK provider) [File not signed]
S4 ATWPKT2; C:\Program Files\Common Files\AOL\ACS\ATWPKT2.SYS [23632 2004-11-11] (America Online)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-03-22] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [37888 2006-03-22] (ENE Technology Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 Ktp; C:\WINDOWS\System32\DRIVERS\Ktp.sys [27904 2006-06-19] (ELANTECH Devices Corp.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2017-04-04] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10446592 2005-10-17] ()
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-04 14:12 - 2017-04-04 14:13 - 00028917 _____ C:\Documents and Settings\Judy\Desktop\FRST.txt
2017-04-04 14:11 - 2017-04-04 14:11 - 01766912 _____ (Farbar) C:\Documents and Settings\Judy\Desktop\FRST.exe
2017-04-04 11:51 - 2017-04-04 11:51 - 04089296 _____ C:\Documents and Settings\Judy\Desktop\AdwCleaner.exe
2017-04-04 11:41 - 2017-04-04 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-04-04 11:38 - 2017-04-04 11:38 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Malawarebytes_antiroot-exractor
2017-04-04 10:51 - 2017-04-04 11:10 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2017-April
2017-04-04 10:25 - 2017-04-04 10:37 - 00003206 _____ C:\Documents and Settings\Judy\My Documents\bleeping computer.txt
2017-04-04 10:25 - 2017-04-04 10:25 - 16563352 _____ (Malwarebytes Corp.) C:\Documents and Settings\Judy\Desktop\mbar-1.09.3.1001.exe
2017-04-04 10:18 - 2017-04-04 10:18 - 00852798 _____ C:\Documents and Settings\Judy\Desktop\SecurityCheck (1).exe
2017-04-04 10:17 - 2017-04-04 10:17 - 00852798 _____ C:\Documents and Settings\Judy\My Documents\SecurityCheck.exe
2017-04-02 04:34 - 2017-04-02 04:34 - 00000072 _____ C:\Documents and Settings\Judy\My Documents\AnsWA_searches to continue.txt
2017-03-28 21:48 - 2017-03-28 23:12 - 00002406 _____ C:\Documents and Settings\Judy\My Documents\AnsWA_heroin vs heroine.txt
2017-03-28 08:19 - 2017-03-28 08:19 - 00781953 _____ C:\Documents and Settings\Judy\My Documents\tomnod_avi_1-s2.0-S0747563216305295-main.pdf
2017-03-27 02:56 - 2017-03-27 02:56 - 00001135 _____ C:\Documents and Settings\Judy\My Documents\red-robe_steph-birth.txt
2017-03-26 08:40 - 2017-03-26 08:40 - 00000134 _____ C:\Documents and Settings\Judy\My Documents\WA_searches topics to delete.txt
2017-03-26 04:39 - 2017-03-26 04:41 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\__A_Accts_pws_2017 March
2017-03-25 15:19 - 2017-03-25 15:19 - 00154181 _____ C:\Documents and Settings\Judy\My Documents\WA_delete_Spirit of Reform_Reading 1.pdf
2017-03-25 08:15 - 2017-03-25 08:15 - 00578406 _____ C:\Documents and Settings\Judy\My Documents\WA_delete_energy_transfer.pdf
2017-03-24 07:10 - 2017-03-24 07:10 - 03100137 _____ C:\Documents and Settings\Judy\My Documents\AlleghenyCountyDMAfp.pdf
2017-03-24 03:55 - 2017-03-24 03:55 - 00000161 _____ C:\Documents and Settings\Judy\My Documents\teach-Philosophy.txt
2017-03-22 21:17 - 2017-03-23 02:58 - 00000183 _____ C:\Documents and Settings\Judy\My Documents\friend_moucha__3306230215.txt
2017-03-21 22:46 - 2017-03-21 22:46 - 00000122 _____ C:\Documents and Settings\Judy\My Documents\datadump_march 21 2017.txt
2017-03-21 22:39 - 2017-03-21 22:38 - 00090112 _____ C:\WINDOWS\Minidump\Mini032117-01.dmp
2017-03-21 02:48 - 2017-03-21 02:48 - 00000045 _____ C:\Documents and Settings\Judy\My Documents\Florian_writing_phrases to use.txt
2017-03-20 23:52 - 2017-03-30 01:33 - 00000965 _____ C:\Documents and Settings\Judy\My Documents\Ans_WA_March 2017_new search.txt
2017-03-20 22:16 - 2017-03-20 22:17 - 00506799 _____ C:\Documents and Settings\Judy\My Documents\trump-jail-photo.htm
2017-03-19 08:18 - 2017-03-19 08:18 - 00000120 _____ C:\Documents and Settings\Judy\My Documents\data dump march 19th.txt
2017-03-19 08:13 - 2017-03-19 08:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini031917-01.dmp
2017-03-19 01:40 - 2017-03-19 01:40 - 00000405 _____ C:\Documents and Settings\Judy\My Documents\WA_other wrongly trashed.txt
2017-03-18 19:47 - 2017-03-18 19:47 - 12217155 _____ C:\Documents and Settings\Judy\My Documents\SurvivalGuide08.pdf
2017-03-18 19:46 - 2017-03-18 19:47 - 04071363 _____ C:\Documents and Settings\Judy\My Documents\Emergency Medicine MCQs - De Alwis, Waruna [SRG].pdf
2017-03-18 05:58 - 2017-03-18 05:59 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\WA_Answers_Profile_MASTER FILES
2017-03-18 05:51 - 2017-03-18 05:51 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2017-March
2017-03-16 09:37 - 2017-03-16 09:46 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Answers_WA_pictures
2017-03-16 07:44 - 2017-03-16 07:44 - 00006706 _____ C:\Documents and Settings\Judy\My Documents\TWC_chat.txt
2017-03-16 07:32 - 2017-03-16 07:45 - 00006254 _____ C:\Documents and Settings\Judy\My Documents\lactic acid my symptoms.txt
2017-03-16 02:40 - 2017-03-16 02:40 - 00000254 _____ C:\Documents and Settings\Judy\My Documents\urls.txt
2017-03-15 15:29 - 2017-03-15 15:29 - 00139386 _____ C:\Documents and Settings\Judy\My Documents\nurse=as-patient_CEA16501-0001.pdf
2017-03-15 05:53 - 2017-03-18 01:41 - 00010474 _____ C:\Documents and Settings\Judy\My Documents\note to St E's.txt
2017-03-14 23:53 - 2017-03-14 23:53 - 00000025 _____ C:\Documents and Settings\Judy\My Documents\janet smart_email address.txt
2017-03-14 18:14 - 2017-03-14 18:14 - 00000278 _____ C:\Documents and Settings\Judy\My Documents\verizon_korleen.txt
2017-03-14 16:24 - 2017-03-14 18:05 - 00049664 ____H C:\Documents and Settings\Judy\My Documents\~WRL1418.tmp
2017-03-14 06:38 - 2017-03-18 15:01 - 00002102 _____ C:\Documents and Settings\Judy\My Documents\WA_SabeAstrology_trashing problems.txt
2017-03-13 21:35 - 2017-03-13 21:35 - 00518728 _____ C:\Documents and Settings\Judy\My Documents\Lactic-acidosis_Parrish-September-15.pdf
2017-03-13 21:23 - 2017-03-16 07:44 - 00004969 _____ C:\Documents and Settings\Judy\My Documents\appendix_citations.txt
2017-03-13 18:34 - 2017-03-13 18:35 - 00000531 _____ C:\Documents and Settings\Judy\My Documents\var notes.txt
2017-03-13 07:46 - 2017-03-13 07:47 - 00088685 _____ C:\Documents and Settings\Judy\My Documents\Stigma_Ignorance_prejudice_or_discrimination.pdf
2017-03-13 04:33 - 2017-03-19 01:37 - 00012266 _____ C:\Documents and Settings\Judy\My Documents\WA_HQTD_Jponbac_over-trashing.txt
2017-03-11 04:52 - 2017-03-11 04:53 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Purchase_Amazon_2015 July 14
2017-03-11 04:51 - 2017-03-11 04:51 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Purchase_Amazon_2017 Jan
2017-03-09 15:06 - 2017-03-09 15:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini030917-01.dmp
2017-03-08 03:47 - 2017-03-08 03:47 - 00000392 _____ C:\Documents and Settings\Judy\My Documents\zelboraf.txt
2017-03-07 02:42 - 2017-03-07 02:42 - 00000126 _____ C:\Documents and Settings\Judy\My Documents\dump file_march 7 2017.txt
2017-03-07 02:01 - 2017-03-07 02:01 - 00090112 _____ C:\WINDOWS\Minidump\Mini030717-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-04 14:13 - 2015-02-09 02:23 - 00000000 ____D C:\Documents and Settings\Judy\Local Settings\Temp
2017-04-04 14:12 - 2015-02-04 18:33 - 00000000 ____D C:\FRST
2017-04-04 14:08 - 2010-05-09 09:48 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003UA.job
2017-04-04 14:05 - 2015-02-04 18:01 - 00000000 ____D C:\AdwCleaner
2017-04-04 13:53 - 2009-12-25 18:32 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-04 13:52 - 2012-07-29 10:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-04 13:26 - 2012-05-02 11:49 - 00000000 ____D C:\Documents and Settings\Judy\Desktop\Exes_Current
2017-04-04 11:41 - 2015-02-10 17:38 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 11:39 - 2015-02-10 17:38 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-04 11:38 - 2009-01-30 23:53 - 00000000 ___RD C:\Documents and Settings\Judy\My Documents
2017-04-04 10:04 - 2009-12-25 18:32 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-04 09:00 - 2016-03-10 18:57 - 00000650 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av.job
2017-04-04 08:57 - 2002-08-29 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-04 08:55 - 2016-09-20 18:20 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-04-04 08:55 - 2016-03-10 18:55 - 00000502 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av_DELETE.job
2017-04-04 08:55 - 2014-04-26 16:14 - 00000532 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2017-04-04 08:55 - 2014-04-01 13:30 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-04-04 08:55 - 2009-01-30 23:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-04 08:53 - 2009-01-30 23:52 - 00032596 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-04 08:52 - 2009-01-30 23:53 - 00000178 ___SH C:\Documents and Settings\Judy\ntuser.ini
2017-04-04 03:08 - 2015-10-27 11:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-04-03 19:48 - 2012-02-28 10:16 - 00000000 ___RD C:\Documents and Settings\Judy\My Documents\My Pictures
2017-04-03 19:08 - 2010-05-09 09:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003Core.job
2017-03-30 23:06 - 2015-10-27 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-03-27 10:40 - 2011-11-06 20:49 - 00000000 __SHD C:\WINDOWS\CSC
2017-03-25 18:37 - 2009-01-30 18:29 - 00000000 ___HD C:\WINDOWS\inf
2017-03-21 22:39 - 2012-05-28 17:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-19 05:46 - 2014-04-24 05:09 - 00000342 _____ C:\Documents and Settings\Judy\Desktop\Acc_pw_gmail.txt
2017-03-18 08:18 - 2009-03-30 15:54 - 00002455 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2017-03-16 09:55 - 2016-12-04 07:58 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-03-14 08:19 - 2014-12-04 17:12 - 00003395 _____ C:\Documents and Settings\Judy\Desktop\accts_verizon phone.txt
2017-03-12 17:12 - 2009-01-30 18:36 - 00604526 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 05:10 - 2016-06-18 04:30 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2016-June
2017-03-11 05:10 - 2014-09-08 03:44 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2014-Sept
2017-03-08 16:00 - 2014-04-01 13:30 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2010-01-12 23:18 - 2010-01-12 23:18 - 0033902 _____ () C:\Documents and Settings\Judy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2009-12-04 17:49 - 2013-08-16 21:12 - 0009728 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-05 14:50 - 2012-07-05 14:50 - 0033758 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\dt.dat
2011-11-04 19:48 - 2011-11-04 19:48 - 0000127 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\fusioncache.dat
2015-11-04 20:06 - 2015-11-04 20:06 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2009-03-30 15:04 - 2015-11-04 19:53 - 0008237 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2015-10-24 15:15 - 2015-10-24 15:15 - 2892128 _____ (AVG Technologies) C:\Documents and Settings\Judy\Local Settings\Temp\avg-c883b319-5983-482d-9b60-5f2a5cb0b957.exe
2016-01-05 16:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081173632627.exe
2016-05-31 20:31 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08122444151.exe
2016-04-08 21:24 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081413803436.exe
2016-04-18 21:48 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08161675735.exe
2016-01-16 00:44 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081796835594.exe
2016-02-23 18:38 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081831263480.exe
2016-07-27 20:22 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08240308534.exe
2015-11-18 08:42 - 2015-10-16 13:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08319065798.exe
2016-06-24 03:07 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08343920394.exe
2016-08-22 19:39 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08938376130.exe
2015-11-04 19:31 - 2005-04-27 15:01 - 1130496 ____N (Hewlett-Packard) C:\Documents and Settings\Judy\Local Settings\Temp\hpzmsi01.exe
2015-11-04 19:31 - 2005-04-27 15:05 - 0790528 ____N (Hewlett-Packard) C:\Documents and Settings\Judy\Local Settings\Temp\hpzscr01.exe
2015-03-09 12:25 - 2015-03-09 12:25 - 0561576 _____ (Oracle Corporation) C:\Documents and Settings\Judy\Local Settings\Temp\jre-8u40-windows-au.exe
2015-06-12 18:21 - 2015-06-12 18:21 - 0563808 _____ (Oracle Corporation) C:\Documents and Settings\Judy\Local Settings\Temp\jre-8u51-windows-au.exe
2015-06-12 05:11 - 2015-06-12 05:13 - 28849904 _____ () C:\Documents and Settings\Judy\Local Settings\Temp\vlc-2.2.1-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 
File 2
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Judy (04-04-2017 14:15:24)
Running from C:\Documents and Settings\Judy\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-01-31 03:51:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1229272821-746137067-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1229272821-746137067-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-1229272821-746137067-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1229272821-746137067-682003330-1000 - Limited - Disabled)
Judy (S-1-5-21-1229272821-746137067-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Judy
SUPPORT_388945a0 (S-1-5-21-1229272821-746137067-682003330-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop 5.5 (HKLM\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Amazon Cloud Player (HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
Ancestry World Archives Project - Keying Tool (HKLM\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0103 - Ancestry.com)
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
ATLAS.ti (HKLM\...\{56DFC92C-71EF-4947-978A-E88C9D38FA68}) (Version: 7.1.04.0 - ATLAS.ti Scientific Software Development GmbH)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVG (Version: 16.151.8012 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8012 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CrossLoop 2.82 (HKLM\...\CrossLoop_is1) (Version: 2.82 - CrossLoop, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
EXMARaLDA 1.9 (HKLM\...\EXMARaLDA_is1) (Version:  - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
FamilySearch Indexing 3.12.1 (HKLM\...\0591-8077-9297-0833) (Version: 3.12.1 - FamilySearch)
FastStone Image Viewer 4.0 (HKLM\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
GenoPro 2.5.3.9 (HKLM\...\GenoPro) (Version:  - GenoPro Inc.)
Google Chrome (HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Graph 4.4.2 (HKLM\...\Graph_is1) (Version:  - Ivan Johansen)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InfoRapid Search & Replace (HKLM\...\InfoRapid Search & Replace) (Version: 3.1f - Ingo Straub Softwareentwicklung)
Integrated Camera (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.4.16.2 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
KTP Ware PS/2-WDM 5.0.3.8 (HKLM\...\Elantech) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mendeley Desktop 1.11 (HKLM\...\Mendeley Desktop) (Version: 1.11 - Mendeley Ltd.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 en-US) (HKLM\...\Mozilla Thunderbird 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
MP3 Rocket (HKLM\...\MP3 Rocket) (Version: 7.2.1 - MP3 Rocket Inc) <==== ATTENTION
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NoteTab Light 7 (Remove only) (HKLM\...\NoteTab Light 7_is1) (Version: 7.2 - Fookes Holding Ltd)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Screen Calipers (HKLM\...\Screen Calipers) (Version: 4.0 - Iconico)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sidewalker (HKLM\...\InstallShield_{BE114DB8-D43B-4C88-842E-573E8EFB1613}) (Version: 1.43.0.3 - COMPAL)
Sidewalker (Version: 1.43.0.3 - COMPAL) Hidden
SketchUp 8 (HKLM\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TranscriberAG (HKLM\...\TranscriberAG) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.0 - Tweaking.com)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
waterMark V2 (HKLM\...\waterMark V2) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WFMJ Live Online (HKLM\...\WFMJ Live Online) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
Workshare Compare (HKLM\...\{8686AEEA-4B4F-49C2-9092-464F8379A1C0}) (Version: 7.0.10000.1900 - Workshare)
Workshare PDF Converter (HKLM\...\{D8E0BC34-B11A-498E-BA01-C23B99E52287}) (Version: 7.0.1285.1 - Workshare)
Xenu's Link Sleuth (HKLM\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
XY Family Tree 6.5 (HKLM\...\XY Family Tree_is1) (Version:  - Brian Jones)
Zoom (HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll =>  (the data entry has 7 more characters).
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\Judy\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003Core.job => C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003UA.job => C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Documents and Settings\Judy\NetHood\parentalalienation.uploadmysite.com\target.lnk -> hxxp://parentalalienation.uploadmysite.co
Shortcut: C:\Documents and Settings\Judy\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Documents and Settings\Judy\Start Menu\Programs\CrossLoop\CrossLoop.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
ShortcutWithArgument: C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2016-June\Unused Desktop Shortcuts\CrossLoop call Bruce 330-502-6853.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
ShortcutWithArgument: C:\Documents and Settings\Judy\My Documents\Downloads\PC_cleaner Programs for viruses\Unused Desktop Shortcuts\CrossLoop call Bruce 330-502-6853.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
ShortcutWithArgument: C:\Documents and Settings\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-27 15:24 - 2016-07-18 13:52 - 00972872 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2009-12-06 15:38 - 2009-11-05 09:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2006-04-13 10:33 - 2006-04-13 10:33 - 00036864 _____ () C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
2009-01-31 00:07 - 2006-03-31 20:52 - 00126976 _____ () C:\WINDOWS\system32\tsnp2std.exe
2004-11-11 16:18 - 2004-11-11 16:18 - 00090112 _____ () C:\Program Files\Common Files\AOL\ACS\US\DialRes.dll
2004-11-03 17:03 - 2004-11-03 17:03 - 00143360 _____ () C:\Program Files\Common Files\AOL\1259979935\EE\LIBEXPAT.dll
2016-07-17 14:53 - 2016-07-18 13:52 - 01941064 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2016-11-29 00:02 - 2016-11-29 00:01 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2004-11-03 17:03 - 2004-11-03 17:03 - 00143360 _____ () C:\Program Files\Common Files\AOL\1259979935\EE\libexpat.dll
2014-04-26 16:14 - 2014-03-07 16:39 - 03168576 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
2004-08-04 00:56 - 2008-04-14 06:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 00:56 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-09-06 19:02 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 19:02 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\Judy\My Documents\r017-Map3383-WhitesideWashington (88-41) (1).pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\ancestry.com -> ancestry.com
IE trusted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\aolnews.com -> www.aolnews.com
IE trusted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\eharmony.com -> hxxp://www.eharmony.com
IE restricted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\google-analytics.com -> google-analytics.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2002-08-29 08:00 - 2015-02-15 21:01 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1229272821-746137067-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Judy\My Documents\desk_wallppr\Internet Explorer Wallpaper.bmp
HKU\S-1-5-21-1229272821-746137067-682003330-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Documents and Settings^Judy^Start Menu^Programs^Startup^WFMJ Live Online.lnk => C:\WINDOWS\pss\WFMJ Live Online.lnkStartup
MSCONFIG\startupreg: AvgUi => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Web TuneUp\vprot.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Temp\usmt\migwiz.exe] => Enabled:Files and Settings Transfer Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe] => Enabled:AOLTsMon
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe] => Enabled:AOLTopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1259979935\EE\AOLServiceHost.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\CrossLoop\CrossLoopConnect.exe] => Enabled:CrossLoop - Simple Secure Screen Sharing
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office\FRONTPG.EXE] => Enabled:Microsoft FrontPage
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Enabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe] => Enabled:CrossLoop - Simple Secure Screen Sharing
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\vncviewer.exe] => Enabled:vncviewer.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\tvnserver.exe] => Enabled:tvnserver.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Talk\googletalk.exe] => Enabled:Google Talk
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Xenu\Xenu.exe] => Enabled:XENU
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Application Data\Zoom\bin\Zoom.exe] => Enabled:Zoom
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5910:TCP] => Enabled:vnc5910
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
04-01-2017 13:16:30 System Checkpoint
05-01-2017 13:29:08 System Checkpoint
06-01-2017 14:02:09 System Checkpoint
07-01-2017 14:25:21 System Checkpoint
08-01-2017 14:56:50 System Checkpoint
09-01-2017 15:50:28 System Checkpoint
10-01-2017 16:24:00 System Checkpoint
11-01-2017 16:51:44 System Checkpoint
12-01-2017 19:43:21 System Checkpoint
13-01-2017 20:02:14 System Checkpoint
14-01-2017 04:01:39 Software Distribution Service 3.0
15-01-2017 04:54:36 System Checkpoint
16-01-2017 05:03:31 System Checkpoint
17-01-2017 05:49:40 System Checkpoint
18-01-2017 09:06:56 System Checkpoint
19-01-2017 10:37:22 System Checkpoint
20-01-2017 11:26:28 System Checkpoint
22-01-2017 09:45:30 System Checkpoint
23-01-2017 09:57:14 System Checkpoint
24-01-2017 17:08:55 System Checkpoint
25-01-2017 17:41:00 System Checkpoint
28-01-2017 09:15:19 System Checkpoint
29-01-2017 11:29:01 System Checkpoint
30-01-2017 21:50:30 System Checkpoint
01-02-2017 07:45:24 System Checkpoint
02-02-2017 08:28:28 System Checkpoint
03-02-2017 08:49:30 System Checkpoint
04-02-2017 10:25:57 System Checkpoint
05-02-2017 10:38:31 System Checkpoint
06-02-2017 11:12:03 System Checkpoint
07-02-2017 16:06:14 System Checkpoint
08-02-2017 16:12:03 System Checkpoint
10-02-2017 09:51:43 System Checkpoint
11-02-2017 10:50:34 System Checkpoint
12-02-2017 11:19:49 System Checkpoint
13-02-2017 12:57:01 System Checkpoint
14-02-2017 13:53:03 System Checkpoint
16-02-2017 15:51:35 System Checkpoint
18-02-2017 06:58:03 System Checkpoint
19-02-2017 17:41:41 System Checkpoint
20-02-2017 20:54:03 System Checkpoint
22-02-2017 04:26:48 System Checkpoint
23-02-2017 05:11:38 System Checkpoint
25-02-2017 10:50:53 System Checkpoint
26-02-2017 11:07:59 System Checkpoint
27-02-2017 12:08:00 System Checkpoint
01-03-2017 11:40:11 System Checkpoint
02-03-2017 12:34:24 System Checkpoint
03-03-2017 15:01:39 System Checkpoint
05-03-2017 05:36:27 System Checkpoint
06-03-2017 09:10:46 System Checkpoint
07-03-2017 18:08:33 System Checkpoint
08-03-2017 18:28:49 System Checkpoint
09-03-2017 19:45:07 System Checkpoint
10-03-2017 19:54:23 System Checkpoint
12-03-2017 00:46:01 System Checkpoint
13-03-2017 10:16:33 System Checkpoint
14-03-2017 13:31:34 System Checkpoint
15-03-2017 13:35:36 System Checkpoint
16-03-2017 13:36:44 System Checkpoint
17-03-2017 14:07:34 System Checkpoint
18-03-2017 03:03:58 Software Distribution Service 3.0
19-03-2017 03:18:43 System Checkpoint
21-03-2017 10:28:04 System Checkpoint
22-03-2017 11:03:36 System Checkpoint
23-03-2017 11:42:51 System Checkpoint
24-03-2017 17:11:16 System Checkpoint
25-03-2017 17:13:17 System Checkpoint
27-03-2017 09:38:29 System Checkpoint
29-03-2017 18:46:42 System Checkpoint
30-03-2017 19:41:19 System Checkpoint
01-04-2017 02:53:55 System Checkpoint
02-04-2017 10:28:27 System Checkpoint
03-04-2017 11:44:47 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/25/2017 02:15:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (03/25/2017 02:14:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (03/18/2017 06:00:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shell32.dll, version 6.0.2900.6242, fault address 0x0002b2b4.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (02/04/2017 09:48:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/30/2016 10:52:56 AM) (Source: JavaQuickStarterService) (EventID: 1) (User: )
Description: Could not register service with the service manager: StartServiceCtrlDispatcher failed (error 1063)
 
Error: (10/22/2016 04:47:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/22/2016 04:46:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (10/22/2016 04:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [explorer.exe!ws!]
 
 
System errors:
=============
Error: (04/04/2017 08:57:36 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/04/2017 08:57:36 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/03/2017 10:48:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/03/2017 10:48:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/03/2017 07:06:01 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/03/2017 07:06:01 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/02/2017 07:15:36 AM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:12:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
 
Error: (04/02/2017 07:12:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/02/2017 07:12:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of memory in use: 63%
Total physical RAM: 2038.04 MB
Available physical RAM: 738.46 MB
Total Virtual: 3411.83 MB
Available Virtual: 1265.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:33.2 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (SEA_DISC) (Fixed) (Total:149.01 GB) (Free:47.96 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 647E647E)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 8988262D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#7 Jo*

  • Malware Response Team
Posted 04 April 2017 - 04:52 PM

Hello,

Step 1: Double-click AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 2: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***


Step 3: How is the computer running now?



***


Step 4: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 StuPedMe

  • Topic Starter

Posted 04 April 2017 - 05:12 PM

Will not be able to run these for several hours.  

 

Jo, it would help calm my uneasiness about messing with my PC if you gave more explanation about what each tool should get rid of, etc.  :-D

 

Be back later--



#9 Jo*

  • Malware Response Team

Posted 04 April 2017 - 05:32 PM

For now we remove adware.

Then, when I have your new Farbar logs, I will review these and prepare a script to remove some bad stuff.
Will do this tomorrow.



#10 StuPedMe

  • Topic Starter

Posted 05 April 2017 - 05:35 AM

# AdwCleaner v6.045 - Logfile created 05/04/2017 at 06:27:14
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Judy - JUDY-A31D8506C2
# Running from : C:\Documents and Settings\Judy\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: vToolbarUpdater40.3.1
[-] Service deleted: WtuSystemSupport
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Avg_Update_0316av
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files\Viewpoint
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1[1].exe
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\AolCalSvr.ACToolBarCtrl.5
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Key deleted: HKU\.DEFAULT\Software\VNT
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Linkey
[-] Key deleted: HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Auslogics
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\VNT
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\Linkey
[#] Key deleted on reboot: HKCU\Software\Auslogics
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\W3I
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key deleted: HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-1229272821-746137067-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [6877 Bytes] - [05/04/2017 06:27:14]
C:\AdwCleaner\AdwCleaner[R0].txt - [10014 Bytes] - [04/02/2015 18:01:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [9966 Bytes] - [04/02/2015 18:11:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [6800 Bytes] - [04/04/2017 14:05:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [6873 Bytes] - [05/04/2017 06:12:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7243 Bytes] ##########
 
Now, AVG is complaining that it needs updated.  Will run the Junkware and other scan before dealing with AVG.


#11 StuPedMe

  • Topic Starter

Posted 05 April 2017 - 05:54 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Microsoft Windows XP x86 
Ran by Judy (Administrator) on Wed 04/05/2017 at  6:42:56.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 19 
 
Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\mp3 rocket (Folder) 
Successfully deleted: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\searchplugins\avg-secure-search.xml (File) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1ARM5CFG (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8M6294SY (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HQI9L9F6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QJHXEZUD (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R4W1YU0Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WI291LLN (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X4FHJ70K (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XNHNSZ19 (Temporary Internet Files Folder) 
Successfully deleted: C:\Program Files\mp3 rocket (Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1ARM5CFG (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8M6294SY (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HQI9L9F6 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QJHXEZUD (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R4W1YU0Y (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WI291LLN (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X4FHJ70K (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XNHNSZ19 (Temporary Internet Files Folder) 
 
Deleted the following from C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\prefs.js
user_pref(browser.search.defaultenginename, AVG Secure Search);
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/05/2017 at  6:46:18.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 StuPedMe

Posted 05 April 2017 - 06:05 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Judy (administrator) on JUDY-A31D8506C2 (05-04-2017 06:56:13)
Running from C:\Documents and Settings\Judy\Desktop
Loaded Profiles: Judy (Available Profiles: Judy & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [KTPWare] => C:\Program Files\Elantech\ktp.exe [512000 2006-06-23] (ELANTECH Devices Corp.)
HKLM\...\Run: [Sidewalker] => C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe [36864 2006-04-13] ()
HKLM\...\Run: [tsnp2std] => C:\WINDOWS\system32\tsnp2std.exe [126976 2006-03-31] ()
HKLM\...\Run: [snp2std] => C:\WINDOWS\vsnp2std.exe [339968 2005-10-20] (Sonix)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88204 2005-12-12] (Agere Systems)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16143872 2006-04-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1259979935\EE\AOLHostManager.exe [125528 2004-11-03] (America Online, Inc.)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [34904 2004-10-20] (America Online)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2009-12-04] (Apple Computer, Inc.)
HKLM\...\Run: [Pure Networks Port Magic] => C:\Program Files\Pure Networks\Port Magic\PortAOL.exe [99480 2004-04-05] (Pure Networks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2009-12-04] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Amazon Cloud Player] => C:\Documents and Settings\Judy\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-01-31] (Google Inc.)
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\MountPoints2: {d6194be2-1d09-11e1-a195-00038a000015} - G:\RunClubSanDisk.exe
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\MountPoints2: {f4833c76-e11a-11de-be85-0016d459f640} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
HKU\S-1-5-18\...\RunOnce: [nlhr] => RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-03] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2009-03-30]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4DA64124-0CB9-48B8-809C-B2595AC3F275}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9F1ECAC8-4AF9-463F-92D3-E86F12974604}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1229272821-746137067-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
Toolbar: HKU\.DEFAULT -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll [2009-01-31] (Google Inc.)
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default [2017-04-05]
FF DefaultSearchEngine.US: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default -> Google
FF Homepage: C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default -> about:home
FF Extension: (AVG Web TuneUp) - C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\Extensions\avg@toolbar.xpi [2016-07-18]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\tinlslip.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-23] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-31] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ [] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1229272821-746137067-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1229272821-746137067-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1229272821-746137067-682003330-1003: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\Judy\Application Data\Zoom\bin\npzoomplugin.dll [2015-11-30] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-12-04] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-12-04] (Apple Computer, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (ColorZilla) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-12-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-31]
CHR Extension: (TinEye Reverse Image Search) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-27]
CHR Extension: (Munchee Auto Game Bonus Collector) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hoejkmpidaklcngdmkfflceeppncmhko [2015-12-03]
CHR Extension: (Do Not Disturb!) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-11-24]
CHR Extension: (Cisco WebEx Extension) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-03-28]
CHR Extension: (Grammarly for Chrome) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-03-31]
CHR Extension: (FV Extender 4 beta) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcllnphghagindkpdjodfjghgcinabik [2011-11-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-03-23] (AVG Technologies CZ, s.r.o.)
S2 CrossLoopService; C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-22] (Oracle Corporation)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
S3 tvnserver; C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-12-04] (Windows ® 2000 DDK provider) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [247552 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207616 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [244992 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-03-22] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [37888 2006-03-22] (ENE Technology Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 Ktp; C:\WINDOWS\System32\DRIVERS\Ktp.sys [27904 2006-06-19] (ELANTECH Devices Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-17] (Intel® Corporation)
S3 SNP2STD; C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [10446592 2005-10-17] ()
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-05 06:46 - 2017-04-05 06:46 - 00004011 _____ C:\Documents and Settings\Judy\Desktop\JRT.txt
2017-04-05 06:36 - 2017-04-05 06:36 - 01663904 _____ (Malwarebytes) C:\Documents and Settings\Judy\Desktop\JRT.exe
2017-04-05 06:25 - 2017-04-05 06:25 - 00000036 _____ C:\Documents and Settings\Judy\My Documents\Answers_ajax call.txt
2017-04-04 17:27 - 2017-04-04 17:27 - 00090112 _____ C:\WINDOWS\Minidump\Mini040417-01.dmp
2017-04-04 15:37 - 2017-04-04 15:37 - 00000093 _____ C:\Documents and Settings\Judy\My Documents\NT_define_opprobrium.txt
2017-04-04 15:36 - 2017-04-04 16:31 - 00000092 _____ C:\Documents and Settings\Judy\My Documents\AnsWA_misspellings fixed_April 2017.txt
2017-04-04 14:15 - 2017-04-04 14:20 - 00050338 _____ C:\Documents and Settings\Judy\Desktop\Addition.txt
2017-04-04 14:12 - 2017-04-05 06:56 - 00024255 _____ C:\Documents and Settings\Judy\Desktop\FRST.txt
2017-04-04 14:11 - 2017-04-04 14:11 - 01766912 _____ (Farbar) C:\Documents and Settings\Judy\Desktop\FRST.exe
2017-04-04 11:51 - 2017-04-04 11:51 - 04089296 _____ C:\Documents and Settings\Judy\Desktop\AdwCleaner.exe
2017-04-04 11:41 - 2017-04-04 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2017-04-04 11:38 - 2017-04-04 11:38 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Malawarebytes_antiroot-exractor
2017-04-04 10:51 - 2017-04-04 11:10 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2017-April
2017-04-04 10:25 - 2017-04-04 10:37 - 00003206 _____ C:\Documents and Settings\Judy\My Documents\bleeping computer.txt
2017-04-04 10:25 - 2017-04-04 10:25 - 16563352 _____ (Malwarebytes Corp.) C:\Documents and Settings\Judy\Desktop\mbar-1.09.3.1001.exe
2017-04-04 10:18 - 2017-04-04 10:18 - 00852798 _____ C:\Documents and Settings\Judy\Desktop\SecurityCheck (1).exe
2017-04-04 10:17 - 2017-04-04 10:17 - 00852798 _____ C:\Documents and Settings\Judy\My Documents\SecurityCheck.exe
2017-04-02 04:34 - 2017-04-02 04:34 - 00000072 _____ C:\Documents and Settings\Judy\My Documents\AnsWA_searches to continue.txt
2017-03-28 21:48 - 2017-03-28 23:12 - 00002406 _____ C:\Documents and Settings\Judy\My Documents\AnsWA_heroin vs heroine.txt
2017-03-28 08:19 - 2017-03-28 08:19 - 00781953 _____ C:\Documents and Settings\Judy\My Documents\tomnod_avi_1-s2.0-S0747563216305295-main.pdf
2017-03-27 02:56 - 2017-03-27 02:56 - 00001135 _____ C:\Documents and Settings\Judy\My Documents\red-robe_steph-birth.txt
2017-03-26 08:40 - 2017-03-26 08:40 - 00000134 _____ C:\Documents and Settings\Judy\My Documents\WA_searches topics to delete.txt
2017-03-26 04:39 - 2017-03-26 04:41 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\__A_Accts_pws_2017 March
2017-03-25 15:19 - 2017-03-25 15:19 - 00154181 _____ C:\Documents and Settings\Judy\My Documents\WA_delete_Spirit of Reform_Reading 1.pdf
2017-03-25 08:15 - 2017-03-25 08:15 - 00578406 _____ C:\Documents and Settings\Judy\My Documents\WA_delete_energy_transfer.pdf
2017-03-24 07:10 - 2017-03-24 07:10 - 03100137 _____ C:\Documents and Settings\Judy\My Documents\AlleghenyCountyDMAfp.pdf
2017-03-24 03:55 - 2017-03-24 03:55 - 00000161 _____ C:\Documents and Settings\Judy\My Documents\teach-Philosophy.txt
2017-03-22 21:17 - 2017-03-23 02:58 - 00000183 _____ C:\Documents and Settings\Judy\My Documents\friend_moucha__3306230215.txt
2017-03-21 22:46 - 2017-03-21 22:46 - 00000122 _____ C:\Documents and Settings\Judy\My Documents\datadump_march 21 2017.txt
2017-03-21 22:39 - 2017-03-21 22:38 - 00090112 _____ C:\WINDOWS\Minidump\Mini032117-01.dmp
2017-03-21 02:48 - 2017-03-21 02:48 - 00000045 _____ C:\Documents and Settings\Judy\My Documents\Florian_writing_phrases to use.txt
2017-03-20 23:52 - 2017-03-30 01:33 - 00000965 _____ C:\Documents and Settings\Judy\My Documents\Ans_WA_March 2017_new search.txt
2017-03-20 22:16 - 2017-03-20 22:17 - 00506799 _____ C:\Documents and Settings\Judy\My Documents\trump-jail-photo.htm
2017-03-19 08:18 - 2017-03-19 08:18 - 00000120 _____ C:\Documents and Settings\Judy\My Documents\data dump march 19th.txt
2017-03-19 08:13 - 2017-03-19 08:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini031917-01.dmp
2017-03-19 01:40 - 2017-03-19 01:40 - 00000405 _____ C:\Documents and Settings\Judy\My Documents\WA_other wrongly trashed.txt
2017-03-18 19:47 - 2017-03-18 19:47 - 12217155 _____ C:\Documents and Settings\Judy\My Documents\SurvivalGuide08.pdf
2017-03-18 19:46 - 2017-03-18 19:47 - 04071363 _____ C:\Documents and Settings\Judy\My Documents\Emergency Medicine MCQs - De Alwis, Waruna [SRG].pdf
2017-03-18 05:58 - 2017-03-18 05:59 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\WA_Answers_Profile_MASTER FILES
2017-03-18 05:51 - 2017-03-18 05:51 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2017-March
2017-03-16 09:37 - 2017-03-16 09:46 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Answers_WA_pictures
2017-03-16 07:44 - 2017-03-16 07:44 - 00006706 _____ C:\Documents and Settings\Judy\My Documents\TWC_chat.txt
2017-03-16 07:32 - 2017-03-16 07:45 - 00006254 _____ C:\Documents and Settings\Judy\My Documents\lactic acid my symptoms.txt
2017-03-16 02:40 - 2017-03-16 02:40 - 00000254 _____ C:\Documents and Settings\Judy\My Documents\urls.txt
2017-03-15 15:29 - 2017-03-15 15:29 - 00139386 _____ C:\Documents and Settings\Judy\My Documents\nurse=as-patient_CEA16501-0001.pdf
2017-03-15 05:53 - 2017-03-18 01:41 - 00010474 _____ C:\Documents and Settings\Judy\My Documents\note to St E's.txt
2017-03-14 23:53 - 2017-03-14 23:53 - 00000025 _____ C:\Documents and Settings\Judy\My Documents\janet smart_email address.txt
2017-03-14 18:14 - 2017-03-14 18:14 - 00000278 _____ C:\Documents and Settings\Judy\My Documents\verizon_korleen.txt
2017-03-14 16:24 - 2017-03-14 18:05 - 00049664 ____H C:\Documents and Settings\Judy\My Documents\~WRL1418.tmp
2017-03-14 06:38 - 2017-03-18 15:01 - 00002102 _____ C:\Documents and Settings\Judy\My Documents\WA_SabeAstrology_trashing problems.txt
2017-03-13 21:35 - 2017-03-13 21:35 - 00518728 _____ C:\Documents and Settings\Judy\My Documents\Lactic-acidosis_Parrish-September-15.pdf
2017-03-13 21:23 - 2017-03-16 07:44 - 00004969 _____ C:\Documents and Settings\Judy\My Documents\appendix_citations.txt
2017-03-13 18:34 - 2017-03-13 18:35 - 00000531 _____ C:\Documents and Settings\Judy\My Documents\var notes.txt
2017-03-13 07:46 - 2017-03-13 07:47 - 00088685 _____ C:\Documents and Settings\Judy\My Documents\Stigma_Ignorance_prejudice_or_discrimination.pdf
2017-03-13 04:33 - 2017-03-19 01:37 - 00012266 _____ C:\Documents and Settings\Judy\My Documents\WA_HQTD_Jponbac_over-trashing.txt
2017-03-11 04:52 - 2017-03-11 04:53 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Purchase_Amazon_2015 July 14
2017-03-11 04:51 - 2017-03-11 04:51 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\Purchase_Amazon_2017 Jan
2017-03-09 15:06 - 2017-03-09 15:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini030917-01.dmp
2017-03-08 03:47 - 2017-03-08 03:47 - 00000392 _____ C:\Documents and Settings\Judy\My Documents\zelboraf.txt
2017-03-07 02:42 - 2017-03-07 02:42 - 00000126 _____ C:\Documents and Settings\Judy\My Documents\dump file_march 7 2017.txt
2017-03-07 02:01 - 2017-03-07 02:01 - 00090112 _____ C:\WINDOWS\Minidump\Mini030717-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-05 06:57 - 2015-02-09 02:23 - 00000000 ____D C:\Documents and Settings\Judy\Local Settings\Temp
2017-04-05 06:56 - 2015-02-04 18:33 - 00000000 ____D C:\FRST
2017-04-05 06:53 - 2009-12-25 18:32 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-05 06:53 - 2009-01-30 23:52 - 00032544 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-05 06:52 - 2012-07-29 10:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-04-05 06:43 - 2016-09-20 18:20 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-04-05 06:30 - 2002-08-29 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-05 06:29 - 2016-03-10 18:57 - 00000650 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av.job
2017-04-05 06:29 - 2016-03-10 18:55 - 00000502 _____ C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av_DELETE.job
2017-04-05 06:29 - 2014-04-26 16:14 - 00000532 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2017-04-05 06:29 - 2014-04-01 13:30 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-04-05 06:29 - 2009-12-25 18:32 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-05 06:29 - 2009-01-30 23:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-05 06:28 - 2009-01-30 23:53 - 00000178 ___SH C:\Documents and Settings\Judy\ntuser.ini
2017-04-05 06:27 - 2015-02-04 18:01 - 00000000 ____D C:\AdwCleaner
2017-04-05 06:25 - 2009-01-30 23:53 - 00000000 ___RD C:\Documents and Settings\Judy\My Documents
2017-04-05 06:08 - 2010-05-09 09:48 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003UA.job
2017-04-05 03:15 - 2015-10-27 11:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-04-04 19:08 - 2010-05-09 09:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003Core.job
2017-04-04 17:27 - 2012-05-28 17:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-04 17:27 - 2011-11-06 20:49 - 00000000 __SHD C:\WINDOWS\CSC
2017-04-04 13:26 - 2012-05-02 11:49 - 00000000 ____D C:\Documents and Settings\Judy\Desktop\Exes_Current
2017-04-04 11:41 - 2015-02-10 17:38 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 11:39 - 2015-02-10 17:38 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-03 19:48 - 2012-02-28 10:16 - 00000000 ___RD C:\Documents and Settings\Judy\My Documents\My Pictures
2017-03-30 23:06 - 2015-10-27 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-03-25 18:37 - 2009-01-30 18:29 - 00000000 ___HD C:\WINDOWS\inf
2017-03-19 05:46 - 2014-04-24 05:09 - 00000342 _____ C:\Documents and Settings\Judy\Desktop\Acc_pw_gmail.txt
2017-03-18 08:18 - 2009-03-30 15:54 - 00002455 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2017-03-16 09:55 - 2016-12-04 07:58 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2017-03-14 08:19 - 2014-12-04 17:12 - 00003395 _____ C:\Documents and Settings\Judy\Desktop\accts_verizon phone.txt
2017-03-12 17:12 - 2009-01-30 18:36 - 00604526 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 05:10 - 2016-06-18 04:30 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2016-June
2017-03-11 05:10 - 2014-09-08 03:44 - 00000000 ____D C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2014-Sept
2017-03-08 16:00 - 2014-04-01 13:30 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2010-01-12 23:18 - 2010-01-12 23:18 - 0033902 _____ () C:\Documents and Settings\Judy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2009-12-04 17:49 - 2013-08-16 21:12 - 0009728 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-05 14:50 - 2012-07-05 14:50 - 0033758 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\dt.dat
2011-11-04 19:48 - 2011-11-04 19:48 - 0000127 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\fusioncache.dat
2015-11-04 20:06 - 2015-11-04 20:06 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2009-03-30 15:04 - 2015-11-04 19:53 - 0008237 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2015-10-24 15:15 - 2015-10-24 15:15 - 2892128 _____ (AVG Technologies) C:\Documents and Settings\Judy\Local Settings\Temp\avg-c883b319-5983-482d-9b60-5f2a5cb0b957.exe
2016-01-05 16:03 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081173632627.exe
2016-05-31 20:31 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08122444151.exe
2016-04-08 21:24 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081413803436.exe
2016-04-18 21:48 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08161675735.exe
2016-01-16 00:44 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081796835594.exe
2016-02-23 18:38 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_081831263480.exe
2016-07-27 20:22 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08240308534.exe
2015-11-18 08:42 - 2015-10-16 13:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08319065798.exe
2016-06-24 03:07 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08343920394.exe
2016-08-22 19:39 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\Judy\Local Settings\Temp\avguirn_08938376130.exe
2015-11-04 19:31 - 2005-04-27 15:01 - 1130496 ____N (Hewlett-Packard) C:\Documents and Settings\Judy\Local Settings\Temp\hpzmsi01.exe
2015-11-04 19:31 - 2005-04-27 15:05 - 0790528 ____N (Hewlett-Packard) C:\Documents and Settings\Judy\Local Settings\Temp\hpzscr01.exe
2015-03-09 12:25 - 2015-03-09 12:25 - 0561576 _____ (Oracle Corporation) C:\Documents and Settings\Judy\Local Settings\Temp\jre-8u40-windows-au.exe
2015-06-12 18:21 - 2015-06-12 18:21 - 0563808 _____ (Oracle Corporation) C:\Documents and Settings\Judy\Local Settings\Temp\jre-8u51-windows-au.exe
2015-06-12 05:11 - 2015-06-12 05:13 - 28849904 _____ () C:\Documents and Settings\Judy\Local Settings\Temp\vlc-2.2.1-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Judy (05-04-2017 06:57:33)
Running from C:\Documents and Settings\Judy\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-01-31 03:51:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1229272821-746137067-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1229272821-746137067-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-1229272821-746137067-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1229272821-746137067-682003330-1000 - Limited - Disabled)
Judy (S-1-5-21-1229272821-746137067-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Judy
SUPPORT_388945a0 (S-1-5-21-1229272821-746137067-682003330-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop 5.5 (HKLM\...\Adobe Photoshop 5.5) (Version: 5.5 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Amazon Cloud Player (HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
Ancestry World Archives Project - Keying Tool (HKLM\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0103 - Ancestry.com)
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
ATLAS.ti (HKLM\...\{56DFC92C-71EF-4947-978A-E88C9D38FA68}) (Version: 7.1.04.0 - ATLAS.ti Scientific Software Development GmbH)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVG (Version: 16.151.8012 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8012 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CrossLoop 2.82 (HKLM\...\CrossLoop_is1) (Version: 2.82 - CrossLoop, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Easy Thumbnails (Remove only) (HKLM\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
EXMARaLDA 1.9 (HKLM\...\EXMARaLDA_is1) (Version:  - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
FamilySearch Indexing 3.12.1 (HKLM\...\0591-8077-9297-0833) (Version: 3.12.1 - FamilySearch)
FastStone Image Viewer 4.0 (HKLM\...\FastStone Image Viewer) (Version: 4.0 - FastStone Soft)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
GenoPro 2.5.3.9 (HKLM\...\GenoPro) (Version:  - GenoPro Inc.)
Google Chrome (HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Graph 4.4.2 (HKLM\...\Graph_is1) (Version:  - Ivan Johansen)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InfoRapid Search & Replace (HKLM\...\InfoRapid Search & Replace) (Version: 3.1f - Ingo Straub Softwareentwicklung)
Integrated Camera (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.4.16.2 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
KTP Ware PS/2-WDM 5.0.3.8 (HKLM\...\Elantech) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mendeley Desktop 1.11 (HKLM\...\Mendeley Desktop) (Version: 1.11 - Mendeley Ltd.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 en-US) (HKLM\...\Mozilla Thunderbird 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
MP3 Rocket (HKLM\...\MP3 Rocket) (Version: 7.2.1 - MP3 Rocket Inc) <==== ATTENTION
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NoteTab Light 7 (Remove only) (HKLM\...\NoteTab Light 7_is1) (Version: 7.2 - Fookes Holding Ltd)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Screen Calipers (HKLM\...\Screen Calipers) (Version: 4.0 - Iconico)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sidewalker (HKLM\...\InstallShield_{BE114DB8-D43B-4C88-842E-573E8EFB1613}) (Version: 1.43.0.3 - COMPAL)
Sidewalker (Version: 1.43.0.3 - COMPAL) Hidden
SketchUp 8 (HKLM\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TranscriberAG (HKLM\...\TranscriberAG) (Version:  - )
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.0 - Tweaking.com)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
waterMark V2 (HKLM\...\waterMark V2) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WFMJ Live Online (HKLM\...\WFMJ Live Online) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
Workshare Compare (HKLM\...\{8686AEEA-4B4F-49C2-9092-464F8379A1C0}) (Version: 7.0.10000.1900 - Workshare)
Workshare PDF Converter (HKLM\...\{D8E0BC34-B11A-498E-BA01-C23B99E52287}) (Version: 7.0.1285.1 - Workshare)
Xenu's Link Sleuth (HKLM\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
XY Family Tree 6.5 (HKLM\...\XY Family Tree_is1) (Version:  - Brian Jones)
Zoom (HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dll (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll => (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll =>  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll = (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-746137067-682003330-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll =>  (the data entry has 7 more characters).
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\Judy\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0316av_DELETE.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003Core.job => C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-746137067-682003330-1003UA.job => C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Documents and Settings\Judy\NetHood\parentalalienation.uploadmysite.com\target.lnk -> hxxp://parentalalienation.uploadmysite.co
Shortcut: C:\Documents and Settings\Judy\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
ShortcutWithArgument: C:\Documents and Settings\Judy\Start Menu\Programs\CrossLoop\CrossLoop.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
ShortcutWithArgument: C:\Documents and Settings\Judy\My Documents\_A_A_A_A_backup of Desktop_2016-June\Unused Desktop Shortcuts\CrossLoop call Bruce 330-502-6853.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
ShortcutWithArgument: C:\Documents and Settings\Judy\My Documents\Downloads\PC_cleaner Programs for viruses\Unused Desktop Shortcuts\CrossLoop call Bruce 330-502-6853.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
ShortcutWithArgument: C:\Documents and Settings\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk -> C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server 
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-12-06 15:38 - 2009-11-05 09:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-08-04 00:56 - 2008-04-14 06:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 00:56 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-11-29 00:02 - 2016-11-29 00:01 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2016-09-06 19:02 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 19:02 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\Judy\My Documents\r017-Map3383-WhitesideWashington (88-41) (1).pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\ancestry.com -> ancestry.com
IE trusted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\aolnews.com -> www.aolnews.com
IE trusted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\eharmony.com -> hxxp://www.eharmony.com
IE restricted site: HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\google-analytics.com -> google-analytics.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2002-08-29 08:00 - 2015-02-15 21:01 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1229272821-746137067-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Judy\My Documents\desk_wallppr\Internet Explorer Wallpaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Documents and Settings^Judy^Start Menu^Programs^Startup^WFMJ Live Online.lnk => C:\WINDOWS\pss\WFMJ Live Online.lnkStartup
MSCONFIG\startupreg: AvgUi => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: ROC_ROC_JULY_P1 => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
MSCONFIG\startupreg: ROC_ROC_NT => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Temp\usmt\migwiz.exe] => Enabled:Files and Settings Transfer Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe] => Enabled:AOLTsMon
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe] => Enabled:AOLTopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1259979935\EE\AOLServiceHost.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\CrossLoop\CrossLoopConnect.exe] => Enabled:CrossLoop - Simple Secure Screen Sharing
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office\FRONTPG.EXE] => Enabled:Microsoft FrontPage
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Enabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Disabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe] => Enabled:CrossLoop - Simple Secure Screen Sharing
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\vncviewer.exe] => Enabled:vncviewer.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\CrossLoop\tvnserver.exe] => Enabled:tvnserver.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Talk\googletalk.exe] => Enabled:Google Talk
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Xenu\Xenu.exe] => Enabled:XENU
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Judy\Application Data\Zoom\bin\Zoom.exe] => Enabled:Zoom
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 4620 series SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 4620 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5910:TCP] => Enabled:vnc5910
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
05-01-2017 13:29:08 System Checkpoint
06-01-2017 14:02:09 System Checkpoint
07-01-2017 14:25:21 System Checkpoint
08-01-2017 14:56:50 System Checkpoint
09-01-2017 15:50:28 System Checkpoint
10-01-2017 16:24:00 System Checkpoint
11-01-2017 16:51:44 System Checkpoint
12-01-2017 19:43:21 System Checkpoint
13-01-2017 20:02:14 System Checkpoint
14-01-2017 04:01:39 Software Distribution Service 3.0
15-01-2017 04:54:36 System Checkpoint
16-01-2017 05:03:31 System Checkpoint
17-01-2017 05:49:40 System Checkpoint
18-01-2017 09:06:56 System Checkpoint
19-01-2017 10:37:22 System Checkpoint
20-01-2017 11:26:28 System Checkpoint
22-01-2017 09:45:30 System Checkpoint
23-01-2017 09:57:14 System Checkpoint
24-01-2017 17:08:55 System Checkpoint
25-01-2017 17:41:00 System Checkpoint
28-01-2017 09:15:19 System Checkpoint
29-01-2017 11:29:01 System Checkpoint
30-01-2017 21:50:30 System Checkpoint
01-02-2017 07:45:24 System Checkpoint
02-02-2017 08:28:28 System Checkpoint
03-02-2017 08:49:30 System Checkpoint
04-02-2017 10:25:57 System Checkpoint
05-02-2017 10:38:31 System Checkpoint
06-02-2017 11:12:03 System Checkpoint
07-02-2017 16:06:14 System Checkpoint
08-02-2017 16:12:03 System Checkpoint
10-02-2017 09:51:43 System Checkpoint
11-02-2017 10:50:34 System Checkpoint
12-02-2017 11:19:49 System Checkpoint
13-02-2017 12:57:01 System Checkpoint
14-02-2017 13:53:03 System Checkpoint
16-02-2017 15:51:35 System Checkpoint
18-02-2017 06:58:03 System Checkpoint
19-02-2017 17:41:41 System Checkpoint
20-02-2017 20:54:03 System Checkpoint
22-02-2017 04:26:48 System Checkpoint
23-02-2017 05:11:38 System Checkpoint
25-02-2017 10:50:53 System Checkpoint
26-02-2017 11:07:59 System Checkpoint
27-02-2017 12:08:00 System Checkpoint
01-03-2017 11:40:11 System Checkpoint
02-03-2017 12:34:24 System Checkpoint
03-03-2017 15:01:39 System Checkpoint
05-03-2017 05:36:27 System Checkpoint
06-03-2017 09:10:46 System Checkpoint
07-03-2017 18:08:33 System Checkpoint
08-03-2017 18:28:49 System Checkpoint
09-03-2017 19:45:07 System Checkpoint
10-03-2017 19:54:23 System Checkpoint
12-03-2017 00:46:01 System Checkpoint
13-03-2017 10:16:33 System Checkpoint
14-03-2017 13:31:34 System Checkpoint
15-03-2017 13:35:36 System Checkpoint
16-03-2017 13:36:44 System Checkpoint
17-03-2017 14:07:34 System Checkpoint
18-03-2017 03:03:58 Software Distribution Service 3.0
19-03-2017 03:18:43 System Checkpoint
21-03-2017 10:28:04 System Checkpoint
22-03-2017 11:03:36 System Checkpoint
23-03-2017 11:42:51 System Checkpoint
24-03-2017 17:11:16 System Checkpoint
25-03-2017 17:13:17 System Checkpoint
27-03-2017 09:38:29 System Checkpoint
29-03-2017 18:46:42 System Checkpoint
30-03-2017 19:41:19 System Checkpoint
01-04-2017 02:53:55 System Checkpoint
02-04-2017 10:28:27 System Checkpoint
03-04-2017 11:44:47 System Checkpoint
04-04-2017 16:47:46 System Checkpoint
05-04-2017 06:43:03 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/25/2017 02:15:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (03/25/2017 02:14:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (03/18/2017 06:00:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shell32.dll, version 6.0.2900.6242, fault address 0x0002b2b4.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (02/04/2017 09:48:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/30/2016 10:52:56 AM) (Source: JavaQuickStarterService) (EventID: 1) (User: )
Description: Could not register service with the service manager: StartServiceCtrlDispatcher failed (error 1063)
 
Error: (10/22/2016 04:47:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/22/2016 04:46:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (10/22/2016 04:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.
Processing media-specific event for [explorer.exe!ws!]
 
 
System errors:
=============
Error: (04/05/2017 06:43:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/05/2017 06:43:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/05/2017 06:43:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/05/2017 06:43:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CrossLoop Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/05/2017 06:43:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/05/2017 06:43:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/05/2017 06:43:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AOL Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/05/2017 06:31:42 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000fe, parameter1 00000004, parameter2 8a360008, parameter3 8a4604cc, parameter4 00000000.
 
Error: (04/05/2017 06:30:17 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
Error: (04/05/2017 06:30:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.
 
 
 
==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 2038.04 MB
Available physical RAM: 731.49 MB
Total Virtual: 3411.83 MB
Available Virtual: 2077.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:33.12 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 647E647E)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#13 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:37 PM

Posted 05 April 2017 - 06:57 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt


 
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1229272821-746137067-682003330-1003\...\Run: [Zoom] => [X]
GroupPolicy: Restriction ? <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1229272821-746137067-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-746137067-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S4 IntelIde; no ImagePath
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

Edited by Jo*, 06 April 2017 - 02:05 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 StuPedMe

StuPedMe
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 05 April 2017 - 11:53 PM

hmmm

 

AlternateDataStreams: C:\Documents and Settings\Judy\My Documents\r017-Map3383-WhitesideWashington (88-41) (1).pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

 
Whiteside maps are historical maps.  Sure hope you did not remove any of those maps in previous steps??  
 
Please remove the Whiteside maps items in the Washington folder, so I can run the fix.  OR please let me know this item will not be removed. 

Edited by StuPedMe, 06 April 2017 - 12:05 AM.


#15 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:37 PM

Posted 06 April 2017 - 02:06 AM

Please remove the Whiteside maps items in the Washington folder, so I can run the fix.  OR please let me know this item will not be removed.

Removed.





